Malware Analysis Report

2024-12-08 01:16

Sample ID 231111-mlhr1see67
Target NEAS.1375f86609d8fe34f907a85a718851c42109bfda03d3000394d04fe63d8a1b7e.exe
SHA256 1375f86609d8fe34f907a85a718851c42109bfda03d3000394d04fe63d8a1b7e
Tags glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor dropper infostealer loader persistence rat stealer trojan
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 1375f86609d8fe34f907a85a718851c42109bfda03d3000394d04fe63d8a1b7e

Threat Level: Known bad

The file NEAS.1375f86609d8fe34f907a85a718851c42109bfda03d3000394d04fe63d8a1b7e.exe was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor dropper infostealer loader persistence rat stealer trojan

Suspicious use of NtCreateUserProcessOtherParentProcess

SectopRAT payload

Glupteba payload

SmokeLoader

RedLine

Detect ZGRat V1

RedLine payload

SectopRAT

Detect Mystic stealer payload

Glupteba

ZGRat

Mystic

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Suspicious use of UnmapMainImage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:33

Signatures

Unsigned PE

Description Indicator Process Target
1 match (no indicator detail recorded)

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:33

Reported

2023-11-11 10:36

Platform

win10v2004-20231023-en

Max time kernel

199s

Max time network

206s

Command Line

C:\Windows\Explorer.EXE

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
4 matches (no indicator detail recorded)

Detect ZGRat V1

Description Indicator Process Target
28 matches (no indicator detail recorded)

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
2 matches (no indicator detail recorded)

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
4 matches (no indicator detail recorded)

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description Indicator Process Target
1 match (no indicator detail recorded)

SmokeLoader

trojan backdoor smokeloader

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 4744 created 3200 N/A C:\Users\Admin\AppData\Local\Temp\latestX.exe C:\Windows\Explorer.EXE

ZGRat

rat zgrat

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\E15F.exe N/A

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.1375f86609d8fe34f907a85a718851c42109bfda03d3000394d04fe63d8a1b7e.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hg4nz43.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\QJ7bZ13.exe N/A

Note: these three RunOnce values are the cleanup entries that the Windows IExpress self-extractor (wextract) writes so that rundll32 advpack.dll,DelNodeRunDLL32 removes its IXP00n.TMP working directory at the next logon. They do not relaunch anything. What they do show is a three-deep chain of nested IExpress packages (the sample unpacks Hg4nz43.exe, which unpacks QJ7bZ13.exe, which unpacks 1TV89VM8.exe), so the persistence tag on this signature is not evidence of an attacker-configured autostart for this sample.
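The following helper is an added example and is not part of the sandbox report. It takes RunOnce name/value pairs of the kind listed above, recognises the IExpress cleanup pattern (rundll32 advpack.dll,DelNodeRunDLL32 pointing at an IXPnnn.TMP directory under Temp) and separates it from a genuine autostart entry, so a triage script does not count SFX cleanup as persistence. The three wextract_cleanup values are taken from the report with the JSON-style backslash escaping removed; the "Updater" entry is a constructed, hypothetical value added only to show the contrasting case.

```python
import re
from typing import Dict, List, Optional

# RunOnce values from the report above (escaping removed), plus one constructed
# non-SFX entry ("Updater") that is hypothetical and not from the report.
RUNONCE_VALUES: Dict[str, str] = {
    "wextract_cleanup0": r'rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\"',
    "wextract_cleanup1": r'rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\"',
    "wextract_cleanup2": r'rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\"',
    "Updater": r'"C:\Users\Admin\AppData\Roaming\svc\updater.exe" /silent',  # constructed example
}

# rundll32[.exe] <path>advpack.dll,DelNodeRunDLL32 "<directory>"
DELNODE_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+(?P<dll>\S*advpack\.dll),DelNodeRunDLL32\s+"?(?P<dir>.+?)"?\s*$',
    re.IGNORECASE,
)
# IExpress working directories are named IXP000.TMP, IXP001.TMP, ... under %TEMP%.
IXP_DIR_RE = re.compile(r'\\IXP\d{3}\.TMP\\?$', re.IGNORECASE)


def delnode_target(value: str) -> Optional[str]:
    """Directory that a DelNodeRunDLL32 command would delete, or None if the
    value is not a DelNodeRunDLL32 invocation."""
    m = DELNODE_RE.match(value.strip())
    return m["dir"].rstrip("\\") if m else None


def classify_runonce(name: str, value: str) -> str:
    """'iexpress-cleanup' for the standard wextract cleanup entry,
    'delnode-other' for any other directory deletion via advpack.dll,
    'autostart' for everything else (something that actually gets launched)."""
    target = delnode_target(value)
    if target is None:
        return "autostart"
    if (name.lower().startswith("wextract_cleanup")
            and IXP_DIR_RE.search(target + "\\")
            and "\\temp\\" in target.lower()):
        return "iexpress-cleanup"
    return "delnode-other"


def iexpress_layers(values: Dict[str, str]) -> List[str]:
    """Sorted IXPnnn.TMP directories: one per nested IExpress package."""
    dirs = [delnode_target(v) for n, v in values.items()
            if classify_runonce(n, v) == "iexpress-cleanup"]
    return sorted(d for d in dirs if d)


def autostart_entries(values: Dict[str, str]) -> List[str]:
    """Names of RunOnce values that launch something and deserve a closer look."""
    return [n for n, v in values.items() if classify_runonce(n, v) == "autostart"]


if __name__ == "__main__":
    print("IExpress layers:", iexpress_layers(RUNONCE_VALUES))
    print("real autostarts:", autostart_entries(RUNONCE_VALUES))
```

The number of IXPnnn.TMP directories is a quick way to read the unpacking depth from the registry alone; here it is three, matching the WriteProcessMemory chain later in the report.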

AutoIT Executable

Description Indicator Process Target
2 matches (no indicator detail recorded)

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3gs29nI.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3gs29nI.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3gs29nI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (×16)
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3gs29nI.exe N/A (×2)
N/A N/A C:\Windows\Explorer.EXE N/A (×46)

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3gs29nI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A (×9)
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A (×9)
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\BFFC.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\F5E2.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\F98D.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A (×2)
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A (×2)
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (×2)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe N/A (×8, interleaved with the rows below)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (×50)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe N/A (×8, interleaved with the rows below)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (×48)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4512 wrote to memory of 4640 (×3) N/A C:\Users\Admin\AppData\Local\Temp\NEAS.1375f86609d8fe34f907a85a718851c42109bfda03d3000394d04fe63d8a1b7e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hg4nz43.exe
PID 4640 wrote to memory of 1336 (×3) N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hg4nz43.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\QJ7bZ13.exe
PID 1336 wrote to memory of 4956 (×3) N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\QJ7bZ13.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe
PID 4956 wrote to memory of 4768 (×2) N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4956 wrote to memory of 3376 (×2) N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3376 wrote to memory of 4276 (×2) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4768 wrote to memory of 4948 (×2) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4956 wrote to memory of 4220 (×2) N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4220 wrote to memory of 4324 (×2) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4956 wrote to memory of 4772 (×2) N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4772 wrote to memory of 3288 (×2) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4956 wrote to memory of 4444 (×2) N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4444 wrote to memory of 2080 (×2) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4956 wrote to memory of 3684 (×2) N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3684 wrote to memory of 2560 (×2) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4956 wrote to memory of 4464 (×2) N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 1584 (×2) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4956 wrote to memory of 2948 (×2) N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2948 wrote to memory of 1220 (×2) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4444 wrote to memory of 5260 (×23) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
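The script below is an added example, not part of the sandbox report, showing how to turn the flattened "PID X wrote to memory of Y" rows above and the single "PID 4744 created 3200" row from the NtCreateUserProcessOtherParentProcess signature into something an analyst can query: the unpacking chain from the sample down to the Edge launches, the PPID-spoofed process creation, and the cross-process writes from a Temp binary into a process under Program Files or Windows. The embedded rows are copied from those two tables with the per-call duplicates removed. Two interpretive assumptions are the author's, not the report's: the "created" row is read as latestX.exe (PID 4744) starting PID 3200 (Explorer.EXE) with a parent other than itself, which is what the signature name denotes, and the 1TV89VM8.exe to msedge.exe writes may simply be the launch of a child rather than injection, which the code flags as a lead rather than a verdict.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple

# Rows copied from the two signature tables above; the sandbox logs one row per
# API call, so repeated rows are reduced to a single edge here.
REPORT_ROWS = r"""
PID 4744 created 3200 N/A C:\Users\Admin\AppData\Local\Temp\latestX.exe C:\Windows\Explorer.EXE
PID 4512 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.1375f86609d8fe34f907a85a718851c42109bfda03d3000394d04fe63d8a1b7e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hg4nz43.exe
PID 4640 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hg4nz43.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\QJ7bZ13.exe
PID 1336 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\QJ7bZ13.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe
PID 4956 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4956 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3376 wrote to memory of 4276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4956 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4444 wrote to memory of 5260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"""

# Columns are "Description Indicator Process Target" with Indicator always N/A.
# Image paths contain spaces, so anchor on the .exe suffix instead of splitting.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) (?P<kind>created|wrote to memory of) (?P<dst>\d+) N/A "
    r"(?P<src_image>.+?\.[Ee][Xx][Ee]) (?P<dst_image>.+\.[Ee][Xx][Ee])$"
)


class Event(NamedTuple):
    kind: str        # "created" (other-parent creation) or "wrote" (WriteProcessMemory)
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def parse_rows(text: str) -> List[Event]:
    """Parse signature rows into de-duplicated events; unparseable lines are skipped."""
    events: List[Event] = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m is None:
            continue
        ev = Event("created" if m["kind"] == "created" else "wrote",
                   int(m["src"]), int(m["dst"]), m["src_image"], m["dst_image"])
        if ev not in events:
            events.append(ev)
    return events


def other_parent_creations(events: List[Event]) -> List[Tuple[str, int, str]]:
    """Processes started with an explicitly supplied parent (PPID spoofing):
    (creator image, new PID, new image)."""
    return [(basename(ev.src_image), ev.dst_pid, basename(ev.dst_image))
            for ev in events if ev.kind == "created"]


def write_chain(events: List[Event], root_pid: int) -> List[str]:
    """Follow WriteProcessMemory edges from root_pid and return the image names
    along the longest path; for a nested dropper this is the unpacking chain."""
    edges: Dict[int, List[int]] = defaultdict(list)
    images: Dict[int, str] = {}
    for ev in events:
        if ev.kind == "wrote":
            edges[ev.src_pid].append(ev.dst_pid)
            images.setdefault(ev.src_pid, ev.src_image)
            images.setdefault(ev.dst_pid, ev.dst_image)
    best: List[int] = []

    def dfs(pid: int, path: List[int]) -> None:
        nonlocal best
        if len(path) > len(best):
            best = path
        for child in edges.get(pid, []):
            if child not in path:          # guard against cycles in odd logs
                dfs(child, path + [child])

    dfs(root_pid, [root_pid])
    return [basename(images.get(p, str(p))) for p in best]


def temp_to_trusted_writes(events: List[Event]) -> Set[Tuple[str, str]]:
    """Writes from a binary under %TEMP% into a process whose image lives under
    Program Files or Windows. A parent writing into its own freshly created
    child looks identical in this table, so hits are leads, not proof of injection."""
    hits: Set[Tuple[str, str]] = set()
    for ev in events:
        if ev.kind != "wrote":
            continue
        src, dst = ev.src_image.lower(), ev.dst_image.lower()
        if "\\appdata\\local\\temp\\" in src and (
                dst.startswith("c:\\program files") or dst.startswith("c:\\windows\\")):
            hits.add((basename(ev.src_image), basename(ev.dst_image)))
    return hits


if __name__ == "__main__":
    evs = parse_rows(REPORT_ROWS)
    print("other-parent creations:", other_parent_creations(evs))
    print("write chain from 4512:", " -> ".join(write_chain(evs, 4512)))
    print("temp -> trusted writes:", temp_to_trusted_writes(evs))
```

Run against the rows above, the chain from PID 4512 reads NEAS...exe, Hg4nz43.exe, QJ7bZ13.exe, 1TV89VM8.exe, msedge.exe, msedge.exe, which is the same three-layer unpacking the wextract_cleanup RunOnce entries imply, followed by 1TV89VM8.exe starting Edge; the only other-parent creation is latestX.exe starting the Explorer.EXE that heads the process list.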

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\NEAS.1375f86609d8fe34f907a85a718851c42109bfda03d3000394d04fe63d8a1b7e.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.1375f86609d8fe34f907a85a718851c42109bfda03d3000394d04fe63d8a1b7e.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hg4nz43.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hg4nz43.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\QJ7bZ13.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\QJ7bZ13.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TV89VM8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe41d046f8,0x7ffe41d04708,0x7ffe41d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe41d046f8,0x7ffe41d04708,0x7ffe41d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffe41d046f8,0x7ffe41d04708,0x7ffe41d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe41d046f8,0x7ffe41d04708,0x7ffe41d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x170,0x7ffe41d046f8,0x7ffe41d04708,0x7ffe41d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe41d046f8,0x7ffe41d04708,0x7ffe41d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe41d046f8,0x7ffe41d04708,0x7ffe41d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe41d046f8,0x7ffe41d04708,0x7ffe41d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,11286486269308401365,6788230440474777411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1472,11286486269308401365,6788230440474777411,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,13915087080131912721,867659693796624508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,13915087080131912721,867659693796624508,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9606523493351735058,2931345771261759749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9606523493351735058,2931345771261759749,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10374093531163608073,16319412200350505733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10374093531163608073,16319412200350505733,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,13915087080131912721,867659693796624508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe41d046f8,0x7ffe41d04708,0x7ffe41d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,17351097461799017974,4813336165248669306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,17351097461799017974,4813336165248669306,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13915087080131912721,867659693796624508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13915087080131912721,867659693796624508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe41d046f8,0x7ffe41d04708,0x7ffe41d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13915087080131912721,867659693796624508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13915087080131912721,867659693796624508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5844958344149288658,13222508932905628559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13915087080131912721,867659693796624508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5844958344149288658,13222508932905628559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13915087080131912721,867659693796624508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13915087080131912721,867659693796624508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13915087080131912721,867659693796624508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1392 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2vL2344.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2vL2344.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,315053101226153759,15260546561622245462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 /prefetch:3

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3036 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3gs29nI.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3gs29nI.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5124 -ip 5124

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7TW2ZQ68.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7TW2ZQ68.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\AD6D.exe

C:\Users\Admin\AppData\Local\Temp\AD6D.exe

C:\Users\Admin\AppData\Local\Temp\BFFC.exe

C:\Users\Admin\AppData\Local\Temp\BFFC.exe

C:\Users\Admin\AppData\Local\Temp\E15F.exe

C:\Users\Admin\AppData\Local\Temp\E15F.exe

C:\Users\Admin\AppData\Local\Temp\F5E2.exe

C:\Users\Admin\AppData\Local\Temp\F5E2.exe

C:\Users\Admin\AppData\Local\Temp\F98D.exe

C:\Users\Admin\AppData\Local\Temp\F98D.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\F5E2.exe

C:\Users\Admin\AppData\Local\Temp\F5E2.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc 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

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,18288846627969385745,16893275184863693287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3192 /prefetch:2

Network


Files


memory/2232-1421-0x0000000005310000-0x0000000005320000-memory.dmp

memory/1528-1425-0x0000000000400000-0x0000000000D1C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 83e6ff92b91a2509ea21e246794034cf
SHA1 4704f278be041bfee49e2175a54aaf40ee1d0f5b
SHA256 7dd10ff0903623e473fddab6eb0b19b4c33cb76370b0cd030c0f01eb04912163
SHA512 5ba7c53d4c67a1aab3ca92235767cac9f7ad98bfbb3034858717ffcb1e3f097481b690d7eb20302b3da67bbb7484ef1d996774d7ad9a7d0a11d671e432b0980e

memory/3964-2125-0x00007FFE3DB10000-0x00007FFE3E5D1000-memory.dmp

memory/3964-2127-0x0000019CCA7C0000-0x0000019CCA7D0000-memory.dmp

memory/1688-2402-0x0000000000A00000-0x0000000000A01000-memory.dmp

memory/3964-2420-0x00007FFE3DB10000-0x00007FFE3E5D1000-memory.dmp

memory/2804-2703-0x00007FFE3DB10000-0x00007FFE3E5D1000-memory.dmp

memory/2804-2705-0x0000029246870000-0x0000029246880000-memory.dmp

memory/6640-2791-0x00007FFE3DB10000-0x00007FFE3E5D1000-memory.dmp

memory/6640-2793-0x000002A5EC800000-0x000002A5EC810000-memory.dmp

memory/6640-2795-0x000002A5EC800000-0x000002A5EC810000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_avspdrok.ocj.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/6640-2898-0x000002A5EC910000-0x000002A5EC932000-memory.dmp