Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-x4czlabc4y
Target 0f8ceeb028fd3b9e44dc5723b3ce44122e7f4f59c1ba1bb956e5f595d8be5fd3
SHA256 0f8ceeb028fd3b9e44dc5723b3ce44122e7f4f59c1ba1bb956e5f595d8be5fd3
Tags
glupteba mystic redline smokeloader zgrat taiga up3 backdoor paypal dropper evasion infostealer loader persistence phishing rat stealer trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 0f8ceeb028fd3b9e44dc5723b3ce44122e7f4f59c1ba1bb956e5f595d8be5fd3 was found to be: Known bad.

Malicious Activity Summary

SmokeLoader

RedLine

Detect ZGRat V1

Glupteba

Detect Mystic stealer payload

RedLine payload

Mystic

Glupteba payload

ZGRat

Downloads MZ/PE file

Stops running service(s)

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Detected potential entity reuse from brand paypal.

Suspicious use of SetThreadContext

Launches sc.exe

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 19:24

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 19:24

Reported

2023-11-11 19:26

Platform

win10v2004-20231023-en

Max time kernel

32s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f8ceeb028fd3b9e44dc5723b3ce44122e7f4f59c1ba1bb956e5f595d8be5fd3.exe"

Signatures

Detect Mystic stealer payload

Detect ZGRat V1

Glupteba

loader dropper glupteba

Glupteba payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Stops running service(s)

evasion

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\0f8ceeb028fd3b9e44dc5723b3ce44122e7f4f59c1ba1bb956e5f595d8be5fd3.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Pa6NR27.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qW4wX14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\gf4sW47.exe N/A

AutoIT Executable

Detected potential entity reuse from brand paypal.

phishing paypal

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7wF24Mv.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7wF24Mv.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7wF24Mv.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7wF24Mv.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7wF24Mv.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5108 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\0f8ceeb028fd3b9e44dc5723b3ce44122e7f4f59c1ba1bb956e5f595d8be5fd3.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Pa6NR27.exe
PID 4416 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Pa6NR27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qW4wX14.exe
PID 1236 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qW4wX14.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\gf4sW47.exe
PID 3980 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\gf4sW47.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe
PID 3748 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1180 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3748 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2076 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3748 wrote to memory of 1288 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3748 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3748 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1040 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3748 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1068 wrote to memory of 1808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3748 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 2468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3748 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3468 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1040 wrote to memory of 5332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0f8ceeb028fd3b9e44dc5723b3ce44122e7f4f59c1ba1bb956e5f595d8be5fd3.exe

"C:\Users\Admin\AppData\Local\Temp\0f8ceeb028fd3b9e44dc5723b3ce44122e7f4f59c1ba1bb956e5f595d8be5fd3.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Pa6NR27.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Pa6NR27.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qW4wX14.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qW4wX14.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\gf4sW47.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\gf4sW47.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x78,0x84,0x88,0x15c,0x8c,0x7ff8435c46f8,0x7ff8435c4708,0x7ff8435c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff8435c46f8,0x7ff8435c4708,0x7ff8435c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ff8435c46f8,0x7ff8435c4708,0x7ff8435c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x7ff8435c46f8,0x7ff8435c4708,0x7ff8435c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8435c46f8,0x7ff8435c4708,0x7ff8435c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8435c46f8,0x7ff8435c4708,0x7ff8435c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8435c46f8,0x7ff8435c4708,0x7ff8435c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8435c46f8,0x7ff8435c4708,0x7ff8435c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,5122985666152099718,8008701948199678116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,1125394376702864721,11613499677906816444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,5122985666152099718,8008701948199678116,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,1125394376702864721,11613499677906816444,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16883410152702475716,17206784175684638122,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8435c46f8,0x7ff8435c4708,0x7ff8435c4718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5580714737590553202,2267690937798135638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5580714737590553202,2267690937798135638,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13939526160756659904,144710316960546740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,154117385019883957,13139269411945027224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16883410152702475716,17206784175684638122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,154117385019883957,13139269411945027224,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,13939526160756659904,144710316960546740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8435c46f8,0x7ff8435c4708,0x7ff8435c4718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2sZ7287.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2sZ7287.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,13604241611176251029,2682036036423038473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7wF24Mv.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7wF24Mv.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 7952 -ip 7952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8SO335gh.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8SO335gh.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9jn1kt3.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9jn1kt3.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9444 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\9333.exe

C:\Users\Admin\AppData\Local\Temp\9333.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5520 -ip 5520

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 772

C:\Users\Admin\AppData\Local\Temp\D87A.exe

C:\Users\Admin\AppData\Local\Temp\D87A.exe

C:\Users\Admin\AppData\Local\Temp\DC34.exe

C:\Users\Admin\AppData\Local\Temp\DC34.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\DC34.exe

C:\Users\Admin\AppData\Local\Temp\DC34.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Users\Admin\AppData\Local\Temp\A523.exe

C:\Users\Admin\AppData\Local\Temp\A523.exe

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9117697620717077543,12474110363188073572,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4488 /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

Network

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Pa6NR27.exe

MD5 b46c4136376d3f5ead6af168ba79a5ad
SHA1 c7b03f339892e3c5c63826603e7016ea92ea7a18
SHA256 b177c33ee41ada55fddb1a37c928e6c101d977c653aef2444b2ec5a96807a1e5
SHA512 c64ffec2148e724dcf96cdc8cb6183dc149fe8dafaf548be4df1777053e631e96b64752449659124f2415a1c36d8fdf7b5f4bc4e949186e46581716372bccba1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Pa6NR27.exe

MD5 b46c4136376d3f5ead6af168ba79a5ad
SHA1 c7b03f339892e3c5c63826603e7016ea92ea7a18
SHA256 b177c33ee41ada55fddb1a37c928e6c101d977c653aef2444b2ec5a96807a1e5
SHA512 c64ffec2148e724dcf96cdc8cb6183dc149fe8dafaf548be4df1777053e631e96b64752449659124f2415a1c36d8fdf7b5f4bc4e949186e46581716372bccba1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qW4wX14.exe

MD5 2b587005da229b764483480ac5c45fc9
SHA1 37d21a3ff6ce4643316ce72a7b379576c962917e
SHA256 0485b9e6018c57e42881b6735f437c996b9ebfad81f1021d2a93343eb47c3d54
SHA512 18329aad884aa36ad07f81f9807df16904d7bd6e7eae8b444bb7f0069b4f598953f74f6a2566483210405bf015a055bbd64e1171df7cded82758f74ab8fc1483

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qW4wX14.exe

MD5 2b587005da229b764483480ac5c45fc9
SHA1 37d21a3ff6ce4643316ce72a7b379576c962917e
SHA256 0485b9e6018c57e42881b6735f437c996b9ebfad81f1021d2a93343eb47c3d54
SHA512 18329aad884aa36ad07f81f9807df16904d7bd6e7eae8b444bb7f0069b4f598953f74f6a2566483210405bf015a055bbd64e1171df7cded82758f74ab8fc1483

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\gf4sW47.exe

MD5 fcc5d9dbe7e38c7037a4875a23d7dd66
SHA1 8bdf8d93982e9e3c1463f0f23466d47db63b4827
SHA256 5124eb9f658763dc5a22a35938f32a9ebdcbedc36a9932156118de590786581e
SHA512 e3ab99ec43bcbc1b426186d458ba3213c73d5c186a4de7283898126943e87caeec69c7ee5c3797ba0bc828c39d438db1ea26e924ab4e4ba82444974626b11a2b

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\gf4sW47.exe

MD5 fcc5d9dbe7e38c7037a4875a23d7dd66
SHA1 8bdf8d93982e9e3c1463f0f23466d47db63b4827
SHA256 5124eb9f658763dc5a22a35938f32a9ebdcbedc36a9932156118de590786581e
SHA512 e3ab99ec43bcbc1b426186d458ba3213c73d5c186a4de7283898126943e87caeec69c7ee5c3797ba0bc828c39d438db1ea26e924ab4e4ba82444974626b11a2b

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe

MD5 b333d90247bf03e6786374e31aef4cda
SHA1 8244f1c6f1718d759540b5b183d33d80b55fbe4f
SHA256 d472933636b6c256c1e1194a9f1ec4aef5c473efdf5afc3614be66fbeee234f4
SHA512 47b322b65ecd3d32ded27130a013d5794c0523055fa43a332f83844bffcf114efe68617639331778b99fc48e2a5fe962ee109904a719ed12569ba536a36a77f1

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1zi95eD3.exe

MD5 b333d90247bf03e6786374e31aef4cda
SHA1 8244f1c6f1718d759540b5b183d33d80b55fbe4f
SHA256 d472933636b6c256c1e1194a9f1ec4aef5c473efdf5afc3614be66fbeee234f4
SHA512 47b322b65ecd3d32ded27130a013d5794c0523055fa43a332f83844bffcf114efe68617639331778b99fc48e2a5fe962ee109904a719ed12569ba536a36a77f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_1180_YRYQABZGHRHCYWBK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3064_PWEQAOGDJOPWWSVB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1288_YLHETXLDMPGJGMPJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_1040_LDIQKDSQARSLILNN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_2076_CGWEKNZNEGVUBUMP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1068_DLSLWGHVXWRTBYEU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0e320d61882b004588b02faf220622f7
SHA1 92abb13570bfe38e5d462146df899f202b042f38
SHA256 2057217645f4c6e82f1165597656d091851d0aff0706053eaf43a4a60d95d52c
SHA512 bbbc28ba61c219990450d2ac425aeeee9317a631d9f91d177d752bbbf52fe5fd0c1ff31a3a7603e27cac136fe26a2f7028c37b353dcd03e4d6e43cd0f80d8ce9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 53a03dbb8f082691b3689fe004be2f72
SHA1 b14281b2e8b701fc74865a4bcad6cd989de8c675
SHA256 e911d971d24404e2f6b6ffb7021db12b0cd868a570ff7434233bf99de97c101a
SHA512 3ccbd8b835d7e67497c65d9d992eb5c029b28e9297277f0ca27395eec53d0205e57655e4271587721b4496eaf22686625738d2f90d45135501523c611de7a2f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15c06620e3450331e4ea15076e94c6a9
SHA1 d9f18c5f2b2445f8e841f2378b94d3ef3b866f09
SHA256 203119086d41d8afe394cb8b42ad9257ca8d7549699d59fcfbf08d1b79c2a62a
SHA512 74789108030398ba5f1e8b6b6f0e7d62c19c525165e2288f8b13a8c1339d625cb1f53a72c0249151c728f9f92854d56ebd95991b19a24614bfd444bb60fe7be3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d7f20a0092042941c614f0c7b6830047
SHA1 f10b48105fcaa8b6b9a640d8f9255134afe615ee
SHA256 0384eb6a6df8582172925c55eed07603967a47442bde906806ae02071ceb184b
SHA512 1118f5107b9f26119f0c9e2b1159fb6dc93f8ac24ff32303e3ffb5e094b6e7eb5a350a960a9eb57d1d3f834e0aa82fafe05044c9b847cddfaa64bab1ffda3b36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 16875aa01ac9c7c3cb7cd2bd193c8c57
SHA1 37090ca0614047e491cf078f91ebcd3d35a9982d
SHA256 561c5c427a95b0149cc3ac5d49bc88207b1c15fca922a9a77a37799dc852ca32
SHA512 65b7242fabac83a5d85f94a35ab87bb8a3375295ba9c0cf120af2f0d350530c3bff3208bb0a3e5c2b9a9d92a579b1299bcd6b95c6d68cc826eaeabb996a14ee8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d7f20a0092042941c614f0c7b6830047
SHA1 f10b48105fcaa8b6b9a640d8f9255134afe615ee
SHA256 0384eb6a6df8582172925c55eed07603967a47442bde906806ae02071ceb184b
SHA512 1118f5107b9f26119f0c9e2b1159fb6dc93f8ac24ff32303e3ffb5e094b6e7eb5a350a960a9eb57d1d3f834e0aa82fafe05044c9b847cddfaa64bab1ffda3b36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 22218dcbba411413f9e0208d02585d99
SHA1 958219506dd0c4adb39da544416030bfc495fec9
SHA256 be2015c7160f8ebaf4f54a8f5842c6204230b217dbac9abf06918c162d19f9be
SHA512 1b9b31b387beda21f207ad0421596ceaa8b16f8547a89e7be0541d5152595cc16d7a969187dadf23ede83eddc8f4f7afdbf574aef8f8141556697218f2af503a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 22218dcbba411413f9e0208d02585d99
SHA1 958219506dd0c4adb39da544416030bfc495fec9
SHA256 be2015c7160f8ebaf4f54a8f5842c6204230b217dbac9abf06918c162d19f9be
SHA512 1b9b31b387beda21f207ad0421596ceaa8b16f8547a89e7be0541d5152595cc16d7a969187dadf23ede83eddc8f4f7afdbf574aef8f8141556697218f2af503a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0e320d61882b004588b02faf220622f7
SHA1 92abb13570bfe38e5d462146df899f202b042f38
SHA256 2057217645f4c6e82f1165597656d091851d0aff0706053eaf43a4a60d95d52c
SHA512 bbbc28ba61c219990450d2ac425aeeee9317a631d9f91d177d752bbbf52fe5fd0c1ff31a3a7603e27cac136fe26a2f7028c37b353dcd03e4d6e43cd0f80d8ce9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15c06620e3450331e4ea15076e94c6a9
SHA1 d9f18c5f2b2445f8e841f2378b94d3ef3b866f09
SHA256 203119086d41d8afe394cb8b42ad9257ca8d7549699d59fcfbf08d1b79c2a62a
SHA512 74789108030398ba5f1e8b6b6f0e7d62c19c525165e2288f8b13a8c1339d625cb1f53a72c0249151c728f9f92854d56ebd95991b19a24614bfd444bb60fe7be3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 16875aa01ac9c7c3cb7cd2bd193c8c57
SHA1 37090ca0614047e491cf078f91ebcd3d35a9982d
SHA256 561c5c427a95b0149cc3ac5d49bc88207b1c15fca922a9a77a37799dc852ca32
SHA512 65b7242fabac83a5d85f94a35ab87bb8a3375295ba9c0cf120af2f0d350530c3bff3208bb0a3e5c2b9a9d92a579b1299bcd6b95c6d68cc826eaeabb996a14ee8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2sZ7287.exe

MD5 739c3f41b779cd77be91009e4d7fcb5e
SHA1 3fa39a757e5af3173a6090c2456b638d1c7fec5d
SHA256 4744d07265497d961e8a2c065141a9e27ebde8edc0b0053305f9a2f2b847f1d5
SHA512 ec1642687f2daae65e698b891d55c9760ac180c8172d7d95bee7185e886244fe1284476b4d1d696e2329d956e88a70f46f6e855c121545e2fa4ca2b5f1bea258

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 53a03dbb8f082691b3689fe004be2f72
SHA1 b14281b2e8b701fc74865a4bcad6cd989de8c675
SHA256 e911d971d24404e2f6b6ffb7021db12b0cd868a570ff7434233bf99de97c101a
SHA512 3ccbd8b835d7e67497c65d9d992eb5c029b28e9297277f0ca27395eec53d0205e57655e4271587721b4496eaf22686625738d2f90d45135501523c611de7a2f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3f953e5fb1b5a036be8d1745701efe55
SHA1 70f1beefe6a331b7d8588487853e57661eda2cb0
SHA256 8de6fd3ebc4e608bd271a6b7d17cfef9c30e516cc99109c35dcc4ee77842ee9b
SHA512 9bc85c126dd6811c65e8e78270dc1c8e2ba0071f2474b653b026cb56b42d0eb8501cfaa6f5203e2d77c2a3b8054dbda639a059fdef1fc5be24cae3ff005c8b27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3f953e5fb1b5a036be8d1745701efe55
SHA1 70f1beefe6a331b7d8588487853e57661eda2cb0
SHA256 8de6fd3ebc4e608bd271a6b7d17cfef9c30e516cc99109c35dcc4ee77842ee9b
SHA512 9bc85c126dd6811c65e8e78270dc1c8e2ba0071f2474b653b026cb56b42d0eb8501cfaa6f5203e2d77c2a3b8054dbda639a059fdef1fc5be24cae3ff005c8b27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 53a03dbb8f082691b3689fe004be2f72
SHA1 b14281b2e8b701fc74865a4bcad6cd989de8c675
SHA256 e911d971d24404e2f6b6ffb7021db12b0cd868a570ff7434233bf99de97c101a
SHA512 3ccbd8b835d7e67497c65d9d992eb5c029b28e9297277f0ca27395eec53d0205e57655e4271587721b4496eaf22686625738d2f90d45135501523c611de7a2f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0e320d61882b004588b02faf220622f7
SHA1 92abb13570bfe38e5d462146df899f202b042f38
SHA256 2057217645f4c6e82f1165597656d091851d0aff0706053eaf43a4a60d95d52c
SHA512 bbbc28ba61c219990450d2ac425aeeee9317a631d9f91d177d752bbbf52fe5fd0c1ff31a3a7603e27cac136fe26a2f7028c37b353dcd03e4d6e43cd0f80d8ce9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d7f20a0092042941c614f0c7b6830047
SHA1 f10b48105fcaa8b6b9a640d8f9255134afe615ee
SHA256 0384eb6a6df8582172925c55eed07603967a47442bde906806ae02071ceb184b
SHA512 1118f5107b9f26119f0c9e2b1159fb6dc93f8ac24ff32303e3ffb5e094b6e7eb5a350a960a9eb57d1d3f834e0aa82fafe05044c9b847cddfaa64bab1ffda3b36

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2sZ7287.exe

MD5 739c3f41b779cd77be91009e4d7fcb5e
SHA1 3fa39a757e5af3173a6090c2456b638d1c7fec5d
SHA256 4744d07265497d961e8a2c065141a9e27ebde8edc0b0053305f9a2f2b847f1d5
SHA512 ec1642687f2daae65e698b891d55c9760ac180c8172d7d95bee7185e886244fe1284476b4d1d696e2329d956e88a70f46f6e855c121545e2fa4ca2b5f1bea258

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3f953e5fb1b5a036be8d1745701efe55
SHA1 70f1beefe6a331b7d8588487853e57661eda2cb0
SHA256 8de6fd3ebc4e608bd271a6b7d17cfef9c30e516cc99109c35dcc4ee77842ee9b
SHA512 9bc85c126dd6811c65e8e78270dc1c8e2ba0071f2474b653b026cb56b42d0eb8501cfaa6f5203e2d77c2a3b8054dbda639a059fdef1fc5be24cae3ff005c8b27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 df6467c4da9f039817e5549576d190e4
SHA1 8d03b816affffb8dee6bc771f4ed488a8ed81216
SHA256 e13369292bf45ef52459f8bf4c248097a5550aec1204d73e2e8ac08a77d298b7
SHA512 939df39534fde671877db42e8ce30b5e9906d0d0a629d5ceb66c9ad110c788fa78db33aa3ea3eabc2ac35e181802752b1cc7ac0c5f26bcfc32f40910f43d8c1d

memory/7952-279-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7952-282-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7952-283-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7952-288-0x0000000000400000-0x0000000000433000-memory.dmp

memory/768-291-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ceffe8af-43ac-4129-96c7-10f5f4b3d8fb.tmp

MD5 798b213c0a63a9384a39d67e91ee5d00
SHA1 83cac1d4d7796480822372609d334ab0ce1b2bdd
SHA256 550c8341dcb223e62b497ae9a84ac76c631d9824116f19b67f300b38895f675f
SHA512 cebf5e55618a6023cce4522c801d18ff9dc59b09f35c809e42367e5de090951e42e460b40d292a5c5205a607cbe541861462d4bd6afa6a1a30bda92d6c18f953

memory/3296-315-0x0000000002EF0000-0x0000000002F06000-memory.dmp

memory/768-317-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 810cf7a645e0c00edac1d175b7de375a
SHA1 df7667b68dcf6a93cd313afcf4012166f02b8197
SHA256 e638619decd219dd61c01326034d7ef839569a6da7e1e5f4d3b53bdec59f2cb9
SHA512 54b0172f6557ef6be5a7905cb4d651342e2e7d3e29fdf93f7cc6cc09a233b9a15f09122c260505057d39307ed1233c99c3f05a95bd83dccca0350fa5b723a237

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\617bf922-399d-46bf-a6f5-a07b460d4dce.tmp

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

memory/7612-356-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7612-364-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/7612-371-0x0000000008150000-0x00000000086F4000-memory.dmp

memory/7612-372-0x0000000007C40000-0x0000000007CD2000-memory.dmp

memory/7612-377-0x0000000007E40000-0x0000000007E50000-memory.dmp

memory/7612-378-0x0000000007DF0000-0x0000000007DFA000-memory.dmp

memory/7492-383-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7612-384-0x0000000008D20000-0x0000000009338000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/7612-394-0x0000000008000000-0x000000000810A000-memory.dmp

memory/7612-397-0x0000000007ED0000-0x0000000007EE2000-memory.dmp

memory/7492-398-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7492-399-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7492-401-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7612-402-0x0000000007F30000-0x0000000007F6C000-memory.dmp

memory/7612-414-0x0000000007F70000-0x0000000007FBC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587683.TMP

MD5 7cdbdd248bbd23f628a146fa5836a400
SHA1 efebc4cd4c4898c0f70963e89e076610603aa954
SHA256 fb6dfecb91c30f89ada0ef7435099ab56f7327bd8fa9b14a62dd6a02ecf40717
SHA512 9fc9f7c33fd00b9f8efbd031994d92309dc2028a5b799894147e348cd8e5d99d8758b4cba8f03b170796833d16932c27df7e2bfb91dc4c3bfdd7c6a1ed7e68f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e72af415667ee125be5484fbddd4b675
SHA1 cb95f7e4af60fa4c2622a81fb2bc08424ac2f1ac
SHA256 ee3049385c08d31f4c65f5c74601dd710ad4f25bf2cc4757b261c54d996faeae
SHA512 10e05c3b9021ebb7b779f7613299f317d20fb9a0a0ef1ed08a63c086fd36ef88148c524f1e0599badd8665a151ecbd2de4817f33b4187a8b9907ebab0bdeaddb

memory/5520-524-0x00000000006B0000-0x000000000070A000-memory.dmp

memory/5520-528-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5520-529-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/5520-533-0x0000000074AB0000-0x0000000075260000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dc25211fbd1a6cd271a2cb5d186933ab
SHA1 66d2ad32bbb002992b3a8722a747be6e93ef7f83
SHA256 be4c2b960c24c527c280a2d30c3235588ada2524c412c7901f771253f605a83e
SHA512 ac3d1b45071f17782bf38a45d2ac05d219aecaa06c098d3aea859f319d1975e315e0cd6947ca957d61f4d96b8badf8f6e3cccd584588eddae21287c8b477b373

memory/7612-566-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/7612-580-0x0000000007E40000-0x0000000007E50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b34b2b3b250b02d8f9f4fa5e2ba8e5e6
SHA1 97986cb92f336aa16806334ef75361e400548319
SHA256 5e974fb75173d8a318147bc74b7091cf57821d508b4186aaaba39d5802e3d80c
SHA512 11905b54954fbfa8cc20150aecb9c50b6cc5607e77f55ae5cb32a27c57e9314707507e25fe21cfd78a52bc1a4fc34847805164881922f01db90d57df1ef6e61b

memory/6124-638-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/6124-639-0x0000000000BB0000-0x000000000184A000-memory.dmp

memory/4076-643-0x000001DB9D280000-0x000001DB9D36E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

memory/4076-647-0x000001DBB7860000-0x000001DBB7940000-memory.dmp

memory/4076-649-0x000001DBB7940000-0x000001DBB7A20000-memory.dmp

memory/4076-650-0x00007FF840450000-0x00007FF840F11000-memory.dmp

memory/4076-652-0x000001DB9D810000-0x000001DB9D820000-memory.dmp

memory/4076-654-0x000001DBB7A20000-0x000001DBB7AE8000-memory.dmp

memory/4076-658-0x000001DBB7BF0000-0x000001DBB7CB8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_24m3kyfp.whx.ps1
