Malware Analysis Report

2024-11-13 19:09

Sample ID 231111-xdgj4abe99
Target 437039e06b25cce1c397e0d0ef7706195f5f98734450ac9b62b7c5f2a3692a44
SHA256 437039e06b25cce1c397e0d0ef7706195f5f98734450ac9b62b7c5f2a3692a44
Tags
glupteba mystic redline smokeloader zgrat taiga up3 backdoor paypal discovery dropper evasion infostealer loader persistence phishing rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

437039e06b25cce1c397e0d0ef7706195f5f98734450ac9b62b7c5f2a3692a44

Threat Level: Known bad

The file 437039e06b25cce1c397e0d0ef7706195f5f98734450ac9b62b7c5f2a3692a44 was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline smokeloader zgrat taiga up3 backdoor paypal discovery dropper evasion infostealer loader persistence phishing rat spyware stealer trojan

ZGRat

SmokeLoader

Detect Mystic stealer payload

Detect ZGRat V1

RedLine payload

Mystic

Suspicious use of NtCreateUserProcessOtherParentProcess

RedLine

Glupteba payload

Glupteba

Drops file in Drivers directory

Stops running service(s)

Downloads MZ/PE file

Modifies Windows Firewall

Blocklisted process makes network request

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Detected potential entity reuse from brand paypal.

AutoIT Executable

Drops file in System32 directory

Suspicious use of SetThreadContext

Drops file in Program Files directory

Launches sc.exe

Checks for VirtualBox DLLs, possible anti-VM trick

Enumerates physical storage devices

Unsigned PE

Program crash

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Creates scheduled task(s)

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 18:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 18:44

Reported

2023-11-11 18:46

Platform

win10v2004-20231020-en

Max time kernel

102s

Max time network

155s

Command Line

C:\Windows\Explorer.EXE

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\System32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\latestX.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3286.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\437039e06b25cce1c397e0d0ef7706195f5f98734450ac9b62b7c5f2a3692a44.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dG8rA14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bJ5rV84.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dy7MF43.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\updater.exe C:\Users\Admin\AppData\Local\Temp\latestX.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mg71hN.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mg71hN.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mg71hN.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2452 = "Saint Pierre Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1871 = "Russia TZ 7 Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-691 = "Tasmania Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2572 = "Turks and Caicos Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-81 = "Atlantic Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-672 = "AUS Eastern Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2181 = "Astrakhan Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-891 = "Morocco Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-3142 = "South Sudan Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-601 = "Taipei Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-222 = "Alaskan Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1912 = "Russia TZ 10 Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2391 = "Aleutian Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1971 = "Belarus Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-371 = "Jerusalem Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-391 = "Arab Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-41 = "E. South America Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-192 = "Mountain Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1502 = "Turkey Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2531 = "Chatham Islands Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-361 = "GTB Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-182 = "Mountain Standard Time (Mexico)" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-3141 = "South Sudan Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2491 = "Aus Central W. Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-151 = "Central America Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-92 = "Pacific SA Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-3052 = "Qyzylorda Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2592 = "Tocantins Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1662 = "Bahia Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2612 = "Bougainville Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-142 = "Canada Central Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-721 = "Central Pacific Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-52 = "Greenland Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2511 = "Lord Howe Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-291 = "Central European Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2042 = "Eastern Standard Time (Mexico)" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-732 = "Fiji Standard Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2061 = "North Korea Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-961 = "Paraguay Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-651 = "AUS Central Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-681 = "E. Australia Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-351 = "FLE Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1721 = "Libya Daylight Time" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-214 = "Pacific Daylight Time (Mexico)" C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mg71hN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mg71hN.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mg71hN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WerFault.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\A393.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4936 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\437039e06b25cce1c397e0d0ef7706195f5f98734450ac9b62b7c5f2a3692a44.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dG8rA14.exe
PID 4936 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\437039e06b25cce1c397e0d0ef7706195f5f98734450ac9b62b7c5f2a3692a44.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dG8rA14.exe
PID 4936 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\437039e06b25cce1c397e0d0ef7706195f5f98734450ac9b62b7c5f2a3692a44.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dG8rA14.exe
PID 3664 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dG8rA14.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bJ5rV84.exe
PID 3664 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dG8rA14.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bJ5rV84.exe
PID 3664 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dG8rA14.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bJ5rV84.exe
PID 620 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bJ5rV84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dy7MF43.exe
PID 620 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bJ5rV84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dy7MF43.exe
PID 620 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bJ5rV84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dy7MF43.exe
PID 1976 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dy7MF43.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe
PID 1976 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dy7MF43.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe
PID 1976 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dy7MF43.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe
PID 2672 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 3864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 3864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 2988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 2988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3608 wrote to memory of 916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3608 wrote to memory of 916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 4912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 4912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1404 wrote to memory of 3116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1404 wrote to memory of 3116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1992 wrote to memory of 1612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1992 wrote to memory of 1612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\437039e06b25cce1c397e0d0ef7706195f5f98734450ac9b62b7c5f2a3692a44.exe

"C:\Users\Admin\AppData\Local\Temp\437039e06b25cce1c397e0d0ef7706195f5f98734450ac9b62b7c5f2a3692a44.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dG8rA14.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dG8rA14.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bJ5rV84.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bJ5rV84.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dy7MF43.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dy7MF43.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcfb9c46f8,0x7ffcfb9c4708,0x7ffcfb9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcfb9c46f8,0x7ffcfb9c4708,0x7ffcfb9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffcfb9c46f8,0x7ffcfb9c4708,0x7ffcfb9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ffcfb9c46f8,0x7ffcfb9c4708,0x7ffcfb9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcfb9c46f8,0x7ffcfb9c4708,0x7ffcfb9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcfb9c46f8,0x7ffcfb9c4708,0x7ffcfb9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x17c,0x180,0x184,0x158,0x188,0x7ffcfb9c46f8,0x7ffcfb9c4708,0x7ffcfb9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcfb9c46f8,0x7ffcfb9c4708,0x7ffcfb9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,18077276182879572939,10888167921204884053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,18077276182879572939,10888167921204884053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,8184516885059692964,14822710494110139182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8184516885059692964,14822710494110139182,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10046932532682762028,16172708985059704980,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcfb9c46f8,0x7ffcfb9c4708,0x7ffcfb9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,10046932532682762028,16172708985059704980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,4866051565662984113,9815686367913812355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,4866051565662984113,9815686367913812355,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,5473219297876892993,8848499698779415661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcfb9c46f8,0x7ffcfb9c4708,0x7ffcfb9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2Bt6580.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2Bt6580.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,16878243474027687442,16783374483759852753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mg71hN.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mg71hN.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7044 -ip 7044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 540

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8gV599sA.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8gV599sA.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9lv5Sy0.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9lv5Sy0.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8300 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\123B.exe

C:\Users\Admin\AppData\Local\Temp\123B.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6588 -ip 6588

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 784

C:\Users\Admin\AppData\Local\Temp\3286.exe

C:\Users\Admin\AppData\Local\Temp\3286.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\366F.exe

C:\Users\Admin\AppData\Local\Temp\366F.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\366F.exe

C:\Users\Admin\AppData\Local\Temp\366F.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\9CCB.exe

C:\Users\Admin\AppData\Local\Temp\9CCB.exe

C:\Users\Admin\AppData\Local\Temp\A17F.exe

C:\Users\Admin\AppData\Local\Temp\A17F.exe

C:\Users\Admin\AppData\Local\Temp\A393.exe

C:\Users\Admin\AppData\Local\Temp\A393.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4748 -ip 4748

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 784

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\SYSTEM32\schtasks.exe

schtasks /delete /tn ScheduledUpdate /f

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2092 /prefetch:8

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,16026538963433382048,454561461570439787,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8908 /prefetch:2

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\windefender.exe

"C:\Windows\windefender.exe"

C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\tor.exe" --nt-service -f "C:\Users\Admin\AppData\Local\Temp\csrss\tor\torrc" --Log "notice file C:\Users\Admin\AppData\Local\Temp\csrss\tor\log.txt"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\SysWOW64\sc.exe

sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\windefender.exe

C:\Windows\windefender.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C sc sdset WmiPrvSE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\SysWOW64\sc.exe

sc sdset WmiPrvSE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\NextSink\bfacjq\TypeId.exe

C:\Users\Admin\AppData\Local\NextSink\bfacjq\TypeId.exe

C:\Users\Admin\AppData\Local\NextSink\bfacjq\TypeId.exe

C:\Users\Admin\AppData\Local\NextSink\bfacjq\TypeId.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 83.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 157.240.5.35:443 www.facebook.com tcp
US 157.240.5.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 twitter.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 3.221.61.110:443 www.epicgames.com tcp
US 3.221.61.110:443 www.epicgames.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.61.221.3.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 2.18.121.83:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 2.18.121.83:443 store.akamai.steamstatic.com tcp
US 2.18.121.83:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 api.twitter.com udp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 104.244.42.133:443 t.co tcp
US 192.229.220.133:443 video.twimg.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 92.122.101.41:80 apps.identrust.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
NL 142.250.179.214:443 i.ytimg.com tcp
US 2.18.121.74:443 community.akamai.steamstatic.com tcp
US 2.18.121.74:443 community.akamai.steamstatic.com tcp
US 2.18.121.74:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 41.101.122.92.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 214.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.121.18.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 8.8.8.8:53 nelly-service-prod.ecbc.live.use1a.on.epicgames.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 3.210.191.103:443 nelly-service-prod.ecbc.live.use1a.on.epicgames.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 103.191.210.3.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 nelly-service-prod-akamai.ecosec.on.epicgames.com udp
NL 2.19.195.241:443 nelly-service-prod-akamai.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 nelly-service-prod-cloudfront.ecosec.on.epicgames.com udp
US 18.65.39.18:443 nelly-service-prod-cloudfront.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 241.195.19.2.in-addr.arpa udp
US 8.8.8.8:53 18.39.65.18.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 nelly-service-prod-fastly.ecosec.on.epicgames.com udp
US 151.101.2.132:443 nelly-service-prod-fastly.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 nelly-service-prod-cloudflare.ecosec.on.epicgames.com udp
US 172.64.145.231:443 nelly-service-prod-cloudflare.ecosec.on.epicgames.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 132.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 231.145.64.172.in-addr.arpa udp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 facebook.com udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 c6.paypal.com udp
US 8.8.8.8:53 fbsbx.com udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
RU 5.42.92.190:80 5.42.92.190 tcp
US 104.21.53.57:80 killredls.pw tcp
NL 194.169.175.118:80 194.169.175.118 tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
RU 5.42.65.80:80 5.42.65.80 tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 2.18.121.74:443 community.akamai.steamstatic.com tcp
US 2.18.121.74:443 community.akamai.steamstatic.com tcp
US 2.18.121.74:443 community.akamai.steamstatic.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
RU 5.42.64.16:443 5.42.64.16 tcp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 71.121.18.2.in-addr.arpa udp
US 2.18.121.83:443 ctldl.windowsupdate.com tcp
US 2.18.121.83:443 ctldl.windowsupdate.com tcp
US 2.18.121.83:443 ctldl.windowsupdate.com tcp
RU 5.42.92.190:80 5.42.92.190 tcp
US 194.49.94.72:80 194.49.94.72 tcp
US 8.8.8.8:53 72.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 126.177.238.8.in-addr.arpa udp
US 194.49.94.11:80 194.49.94.11 tcp
US 8.8.8.8:53 11.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 api.ip.sb udp
US 172.67.75.172:443 api.ip.sb tcp
US 8.8.8.8:53 172.75.67.172.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 bluepablo.fun udp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 92.180.67.172.in-addr.arpa udp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 bluepablo.fun udp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 login.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 28.26.214.95.in-addr.arpa udp
US 172.67.180.92:80 bluepablo.fun tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 ce9ab3a8-d630-46fa-9eb6-cc40bf686050.uuid.theupdatetime.org udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 136.31.251.142.in-addr.arpa udp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 rr5---sn-q4flrn7r.googlevideo.com udp
US 209.85.165.106:443 rr5---sn-q4flrn7r.googlevideo.com tcp
US 209.85.165.106:443 rr5---sn-q4flrn7r.googlevideo.com tcp
US 8.8.8.8:53 106.165.85.209.in-addr.arpa udp
US 209.85.165.106:443 rr5---sn-q4flrn7r.googlevideo.com tcp
US 209.85.165.106:443 rr5---sn-q4flrn7r.googlevideo.com tcp
US 209.85.165.106:443 rr5---sn-q4flrn7r.googlevideo.com tcp
US 209.85.165.106:443 rr5---sn-q4flrn7r.googlevideo.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 server2.theupdatetime.org udp
US 8.8.8.8:53 stun1.l.google.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
FI 64.233.164.127:19302 stun1.l.google.com udp
US 162.159.130.233:443 cdn.discordapp.com tcp
BG 185.82.216.108:443 server2.theupdatetime.org tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 walkinglate.com udp
US 188.114.96.0:443 walkinglate.com tcp
US 8.8.8.8:53 127.164.233.64.in-addr.arpa udp
US 8.8.8.8:53 233.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 108.216.82.185.in-addr.arpa udp
US 8.8.8.8:53 0.96.114.188.in-addr.arpa udp
NL 194.26.192.187:443 tcp
US 8.8.8.8:53 187.192.26.194.in-addr.arpa udp
DE 77.20.28.103:14353 tcp
US 76.210.199.227:9001 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 xmr-eu1.nanopool.org udp
FR 163.172.154.142:14433 xmr-eu1.nanopool.org tcp
US 8.8.8.8:53 142.154.172.163.in-addr.arpa udp
US 8.8.8.8:53 pastebin.com udp
US 172.67.34.170:443 pastebin.com tcp
US 8.8.8.8:53 170.34.67.172.in-addr.arpa udp
NL 51.15.65.182:14433 xmr-eu1.nanopool.org tcp
US 8.8.8.8:53 182.65.15.51.in-addr.arpa udp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dG8rA14.exe

MD5 70d015d6a768faee7705a744ed9b325b
SHA1 ce31711be267d1b457a46470e9a54d64e23321ba
SHA256 f68d32086f6192aea64352c6fae07fbb6024851fc64941aa995d349221bd205d
SHA512 993fe178d91c5f59d6c551856c31303a52c4ce3752599d42cce8ef696bb1959f670b8475c71094d8583f1bd9759fe023cf3eac0fe0f5274609d75decb0a77595

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dG8rA14.exe

MD5 70d015d6a768faee7705a744ed9b325b
SHA1 ce31711be267d1b457a46470e9a54d64e23321ba
SHA256 f68d32086f6192aea64352c6fae07fbb6024851fc64941aa995d349221bd205d
SHA512 993fe178d91c5f59d6c551856c31303a52c4ce3752599d42cce8ef696bb1959f670b8475c71094d8583f1bd9759fe023cf3eac0fe0f5274609d75decb0a77595

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bJ5rV84.exe

MD5 d381ac0bf5b98cc768347eb22be18617
SHA1 2fc3368a9e9f62f87447d442adbc65755d201516
SHA256 c676d41b0a465dc9eb99bf5bb3c392c6a4f9afc8ebf66c4271f1ca36dbf6f168
SHA512 c4c363fe591c749328b589c8af0e9bded01638e6a9e4b400787daa2014c20e25be873f8c8e7dc63d4b8d3995364dbb0a2a14905c5b7f2db106b882c1f5f1a12a

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\bJ5rV84.exe

MD5 d381ac0bf5b98cc768347eb22be18617
SHA1 2fc3368a9e9f62f87447d442adbc65755d201516
SHA256 c676d41b0a465dc9eb99bf5bb3c392c6a4f9afc8ebf66c4271f1ca36dbf6f168
SHA512 c4c363fe591c749328b589c8af0e9bded01638e6a9e4b400787daa2014c20e25be873f8c8e7dc63d4b8d3995364dbb0a2a14905c5b7f2db106b882c1f5f1a12a

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dy7MF43.exe

MD5 7a2af50c0defb42bbc4ca9b27f07cfaa
SHA1 39df66ab586fc1e4a24a09187844e868500519b1
SHA256 2f82515c8577ba75b977f11728755c024e6c3a72f80d1dbb39762195c44b0919
SHA512 68b588c2311ccf6ec18153f44c650f2a98f790af3da441c47c047d95149de0e9c90838efeef613ae7d00490b7f5311dd91a9ffe136b870477945f14e2402d8a9

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dy7MF43.exe

MD5 7a2af50c0defb42bbc4ca9b27f07cfaa
SHA1 39df66ab586fc1e4a24a09187844e868500519b1
SHA256 2f82515c8577ba75b977f11728755c024e6c3a72f80d1dbb39762195c44b0919
SHA512 68b588c2311ccf6ec18153f44c650f2a98f790af3da441c47c047d95149de0e9c90838efeef613ae7d00490b7f5311dd91a9ffe136b870477945f14e2402d8a9

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe

MD5 d60361cdb76e53980d4073fc470b89f6
SHA1 578f8139b8070c962d00bf6f4d7444c4554a5277
SHA256 6507d9b5c1ff65b7a68302f9baa14828ffdfa38597a3a7723326237f8f859ecd
SHA512 0525f7f7e6fc605a2454ebab38f031966892bc5944ff5f03f3351b2ecbbec6eb2b5d7905916628767168d4eccf86bb576be856df50e6963d1adc9dac62156b5e

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Dv64HJ8.exe

MD5 d60361cdb76e53980d4073fc470b89f6
SHA1 578f8139b8070c962d00bf6f4d7444c4554a5277
SHA256 6507d9b5c1ff65b7a68302f9baa14828ffdfa38597a3a7723326237f8f859ecd
SHA512 0525f7f7e6fc605a2454ebab38f031966892bc5944ff5f03f3351b2ecbbec6eb2b5d7905916628767168d4eccf86bb576be856df50e6963d1adc9dac62156b5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_4268_UFFZWTSMOIAIDJZD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_3608_SXOCOARLATRMXZFY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_3544_HMMTZHDJLBQWHYHK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1492_QZUEBMDBHDLLZPRZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1904_LAWHZAHBFNBKIGVS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 105b7c833c44ceebecbb5c7c8756778b
SHA1 9b7fa0bbe3769b44178fdce9d7c40754d61dfb2a
SHA256 271ba7a9785c07842611414b7f25a8ca2dd7b9617866035ce31bfe71563755e1
SHA512 2587471b747a63f04633e080c19df45f7c73b3df7beaab681629c34a51fc61f5e86232a133d2d64c9796ec0ab063932993c70e3ac396e6ca448125048331055e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ba0fd6880a4f55c4db3f544bddde5795
SHA1 ced9c487259d9a091d43b68e72379eeeb8feb216
SHA256 ccf6de685ecb1e4494d2c9039b1891e7be809468a777ce2d13bb58a4b4eb3780
SHA512 7e907bf2f834c37850baf80d32bb745d60b524dbd6430fa1a9f0a831cff89f8d1f0bc7b4b43e791ebbffb1b08c81d043267dba94faf421de460d28f09273e98a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 105b7c833c44ceebecbb5c7c8756778b
SHA1 9b7fa0bbe3769b44178fdce9d7c40754d61dfb2a
SHA256 271ba7a9785c07842611414b7f25a8ca2dd7b9617866035ce31bfe71563755e1
SHA512 2587471b747a63f04633e080c19df45f7c73b3df7beaab681629c34a51fc61f5e86232a133d2d64c9796ec0ab063932993c70e3ac396e6ca448125048331055e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c5501a0a7837e67c3ed3eaac5424235c
SHA1 d22c68a821461bb75281e217284788c260b5e584
SHA256 90fb8257a3f56326932b215bb3b483c31d49960ded94421abb0e7ff1a9ced69d
SHA512 86ee3f1b8b5ff51df593c56a9787f48de7a587162931210366201f3f7a1bc4ad437a14e870134344ab2425dd814d6dce07611b725925e6e49a46dd5475634559

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c5501a0a7837e67c3ed3eaac5424235c
SHA1 d22c68a821461bb75281e217284788c260b5e584
SHA256 90fb8257a3f56326932b215bb3b483c31d49960ded94421abb0e7ff1a9ced69d
SHA512 86ee3f1b8b5ff51df593c56a9787f48de7a587162931210366201f3f7a1bc4ad437a14e870134344ab2425dd814d6dce07611b725925e6e49a46dd5475634559

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1a690edb00eecc2769a50ee41155419d
SHA1 9975256ec52c29417de5160794e2c4fe6fc00a28
SHA256 c58eb748f9a79b38e34c3352e497006657b5ea8d47830794694da12c9101bcb5
SHA512 5ef47c10e6e6f6f84e955b0fdd30d25dc9a1d1cb95de2c76705e36d13284c7c092a64d43f57802de68115d084e434daec8e0273779b383f3a37d6d1631fa5075

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ba0fd6880a4f55c4db3f544bddde5795
SHA1 ced9c487259d9a091d43b68e72379eeeb8feb216
SHA256 ccf6de685ecb1e4494d2c9039b1891e7be809468a777ce2d13bb58a4b4eb3780
SHA512 7e907bf2f834c37850baf80d32bb745d60b524dbd6430fa1a9f0a831cff89f8d1f0bc7b4b43e791ebbffb1b08c81d043267dba94faf421de460d28f09273e98a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7f6824f409827596246e7ee2a3297e1f
SHA1 8872fd92feecffb5a8839c03cb70de63e785c22e
SHA256 45215ad5562260eff5d59cbae31429bbec39b0182ac287d23f2efe8dd982035a
SHA512 46899204f307503618a78a45553de94d373647f1fd03b0688a47a953b7b4c512a65ec469ae42720ae8257ba0c96d9c5f27f747e91aa95940a650d690df8e4d71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1a690edb00eecc2769a50ee41155419d
SHA1 9975256ec52c29417de5160794e2c4fe6fc00a28
SHA256 c58eb748f9a79b38e34c3352e497006657b5ea8d47830794694da12c9101bcb5
SHA512 5ef47c10e6e6f6f84e955b0fdd30d25dc9a1d1cb95de2c76705e36d13284c7c092a64d43f57802de68115d084e434daec8e0273779b383f3a37d6d1631fa5075

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2Bt6580.exe

MD5 6388d171313b848164f405dc3f7f79cd
SHA1 27eaddb12dea3065f72c2e6f146b24550cb3d986
SHA256 627bdf7a9650d45175723c9dd313ce63df6be286018d4e3f746c6ee42bad7e45
SHA512 6961e784720875763ec57c8d75cf57f9cc35a6f2a7ce64873c2546ea63a9197f4c1aac4e7cf68af5b0e4e2193c27a56109885741cba60a90b1c2b1aef8c92375

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 105b7c833c44ceebecbb5c7c8756778b
SHA1 9b7fa0bbe3769b44178fdce9d7c40754d61dfb2a
SHA256 271ba7a9785c07842611414b7f25a8ca2dd7b9617866035ce31bfe71563755e1
SHA512 2587471b747a63f04633e080c19df45f7c73b3df7beaab681629c34a51fc61f5e86232a133d2d64c9796ec0ab063932993c70e3ac396e6ca448125048331055e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7f6824f409827596246e7ee2a3297e1f
SHA1 8872fd92feecffb5a8839c03cb70de63e785c22e
SHA256 45215ad5562260eff5d59cbae31429bbec39b0182ac287d23f2efe8dd982035a
SHA512 46899204f307503618a78a45553de94d373647f1fd03b0688a47a953b7b4c512a65ec469ae42720ae8257ba0c96d9c5f27f747e91aa95940a650d690df8e4d71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f3124922cefe265fda26f1a7be6859cb
SHA1 c9a4edf26f14297f63abf86b47bc213909832c10
SHA256 a4f598a6a5f2eff7cf20db48f9a34e7aa20b49a9f6be27a1443cb1df5357811e
SHA512 eeed3a1c43352b95e94290ebc81009b3b141c7344eea238c76b434c936a52ed458daabd38ed66010c73efec27ae750a6e871438b53773440449859f716b5516d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ba0fd6880a4f55c4db3f544bddde5795
SHA1 ced9c487259d9a091d43b68e72379eeeb8feb216
SHA256 ccf6de685ecb1e4494d2c9039b1891e7be809468a777ce2d13bb58a4b4eb3780
SHA512 7e907bf2f834c37850baf80d32bb745d60b524dbd6430fa1a9f0a831cff89f8d1f0bc7b4b43e791ebbffb1b08c81d043267dba94faf421de460d28f09273e98a

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2Bt6580.exe

MD5 6388d171313b848164f405dc3f7f79cd
SHA1 27eaddb12dea3065f72c2e6f146b24550cb3d986
SHA256 627bdf7a9650d45175723c9dd313ce63df6be286018d4e3f746c6ee42bad7e45
SHA512 6961e784720875763ec57c8d75cf57f9cc35a6f2a7ce64873c2546ea63a9197f4c1aac4e7cf68af5b0e4e2193c27a56109885741cba60a90b1c2b1aef8c92375

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1a690edb00eecc2769a50ee41155419d
SHA1 9975256ec52c29417de5160794e2c4fe6fc00a28
SHA256 c58eb748f9a79b38e34c3352e497006657b5ea8d47830794694da12c9101bcb5
SHA512 5ef47c10e6e6f6f84e955b0fdd30d25dc9a1d1cb95de2c76705e36d13284c7c092a64d43f57802de68115d084e434daec8e0273779b383f3a37d6d1631fa5075

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f3124922cefe265fda26f1a7be6859cb
SHA1 c9a4edf26f14297f63abf86b47bc213909832c10
SHA256 a4f598a6a5f2eff7cf20db48f9a34e7aa20b49a9f6be27a1443cb1df5357811e
SHA512 eeed3a1c43352b95e94290ebc81009b3b141c7344eea238c76b434c936a52ed458daabd38ed66010c73efec27ae750a6e871438b53773440449859f716b5516d

memory/7044-205-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7044-206-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7044-208-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mg71hN.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mg71hN.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fcbb516a65d19d05067a8b3c76776ef0
SHA1 48a2e23506bea4c54d2cdf03da5f1853d7acd9b6
SHA256 69bfdc1459a00ec204b20afbfd450327f2b0a651e6074f4cb47798f6fd71682c
SHA512 dfeb970cf1ef72b8b6674f59c1a24e811c5a44ee56a78e4829f7a60ad5eee29fb4b2aa7933e62c2fd49b6ec0941630cca3ed5c81b04ec99b3e2173359f746f07

memory/7240-218-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c5501a0a7837e67c3ed3eaac5424235c
SHA1 d22c68a821461bb75281e217284788c260b5e584
SHA256 90fb8257a3f56326932b215bb3b483c31d49960ded94421abb0e7ff1a9ced69d
SHA512 86ee3f1b8b5ff51df593c56a9787f48de7a587162931210366201f3f7a1bc4ad437a14e870134344ab2425dd814d6dce07611b725925e6e49a46dd5475634559

memory/7044-204-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3320-332-0x00000000027B0000-0x00000000027C6000-memory.dmp

memory/7240-334-0x0000000000400000-0x000000000040B000-memory.dmp

memory/4528-337-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7956-345-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7956-356-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7956-361-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7956-363-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e919cef0cf09eeb98d11b1e9a14fe1b2
SHA1 bfe0f9fd0b887b5e19ab6a7588c522341194af29
SHA256 2b13e6e6b37d369860491e09a05813209a70b4062bd7e92544aeaa4a26837a35
SHA512 e1f4a381e706b421362ac9f287c7533fe15adf6256b79ef711c5277fd1719aed45b885255ec10579a28191e52064b67ca1cef59a5cec0211289a0d9f253ed4c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c34a20f9f250da2ffddb45ae587ce140
SHA1 0b9080a3a546ba8a866e509904a1bfacd11f01d9
SHA256 46e397ebefb18ca4cf1639d54b4e827914dfccbccaa20c9e1c643583aa607e7e
SHA512 d5560bb12226fd3a1551ed8f4d4811158b1071d5c5649d0f1c169e9558ede66c6ab3fef1358c55c48b2171cb46f44bf8c15b73bf44e76981a33f0d5f3bf37920

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e05436aebb117e9919978ca32bbcefd9
SHA1 97b2af055317952ce42308ea69b82301320eb962
SHA256 cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f
SHA512 11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/4528-482-0x00000000747F0000-0x0000000074FA0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/4528-500-0x0000000007DF0000-0x0000000008394000-memory.dmp

memory/4528-501-0x00000000078E0000-0x0000000007972000-memory.dmp

memory/4528-503-0x0000000007890000-0x00000000078A0000-memory.dmp

memory/4528-528-0x00000000078D0000-0x00000000078DA000-memory.dmp

memory/4528-534-0x00000000089C0000-0x0000000008FD8000-memory.dmp

memory/4528-537-0x0000000007C80000-0x0000000007D8A000-memory.dmp

memory/4528-538-0x0000000007B30000-0x0000000007B42000-memory.dmp

memory/4528-539-0x0000000007BB0000-0x0000000007BEC000-memory.dmp

memory/4528-545-0x0000000007BF0000-0x0000000007C3C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 3ae8bba7279972ba539bdb75e6ced7f5
SHA1 8c704696343c8ad13358e108ab8b2d0f9021fec2
SHA256 de760e6ff6b3aa8af41c5938a5f2bb565b6fc0c0fb3097f03689fe2d588c52f8
SHA512 3ca2300a11d965e92bba8dc96ae1b00eca150c530cbfeb9732b8329da47e2f469110306777ed661195ff456855f79e2c4209ccef4a562a71750eb903d0a42c24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 bc14e5147e394b7c3bf643eee715035d
SHA1 a7f51779ff6a1c7ef81dd121a93b08c494b777fd
SHA256 c9fe76d5dab44dda97da61c80b33f1ee16ef5e3f8b1337713b64ddd348f917fa
SHA512 11688c1e4ea9d220f98ab53ba9313d019a05b5748297501cc6d3fbfc65ee24c75dcfbe9f56ab5ffc00c778d9ecc66c38493df55fbb307e639e8abbb0a80c3868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe57fca0.TMP

MD5 1fcece49092dc696dd1aaac060121ba5
SHA1 fde413c1eb9fa085ec3e43816c92d9074a5aa8b5
SHA256 0c9e4a59db9db547cff9a27a3468cdc557b8e98ad2264ebb3cbd7bb6493640a2
SHA512 ebe02024b68c03aa958b4e9a9d2f0c5cbadda166da2dfec85a37bdd3c0740953d6d7380f810da0e0bd1923d4413852552b23c858d92c4297a4b488427df6601c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58028b.TMP

MD5 54a950e9b6a3c0f89247924a7243d564
SHA1 42c669fe6791b0a0880ed51e30f4867d4dce9247
SHA256 3da62ed476743f31cfa77c37c2148a88030ea435cfe556b9b91b1945f0fc34ed
SHA512 0c247dfdf18a1ae8ed451482521245f5ad445e160cc569b2e8431f87ff03beeaa4a3ce6134a990de42c34e6a062d8ba92c678fbdca0d9b15d557d6612304433b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fe9a07bb-e39d-4e1e-aafe-db57e35bbe94.tmp

MD5 b9b5a8d615fe5bd9ebbc181638eea806
SHA1 4a576fc115c3f93c49b03abf0466ef470516f80f
SHA256 8090e74d70e4d025b59fd31d797a7e7454f96d9081d001d737f9b42f9f7a7eca
SHA512 d1c5889f16d578fb6825e3aea72e61ab8404eb5232a52486990c3418de9a69a91f6869706f65e0b2c53e3c6776ae25d6736b0606394eda9d6ab4f0990bb9e7ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8eab6f4eb2e501007cc58f158f7ce1f7
SHA1 8086d445c1e6329e765194866c8fbfa47b85e0d2
SHA256 9009e9b16d0b823c605278944ae21436b9195c8b4328908fb3c68275fa5284a1
SHA512 52594b250b191bee86489b1c1b9e7981de6a67024ebb4b1bef195b07a2440ffba8d1c3f0c98d50c1ac39628e4a713b18ad8fec321c21563be1f352d64c30d49d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

memory/6588-685-0x0000000000690000-0x00000000006EA000-memory.dmp

memory/6588-687-0x0000000000400000-0x000000000046F000-memory.dmp

memory/6588-690-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/6588-701-0x00000000747F0000-0x0000000074FA0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d632178708fbe8487684857c13212d5e
SHA1 7a58da5dd6253561c674b122dbd73e8edee9f029
SHA256 5feb4043f3b4f603592617ee54b107e1a03d4f13e9bffa3c8acea9cbba888ab2
SHA512 1ba19c3d4f7b2b02b604bda0905359a530673d205e74aa24d7bbf4ab4d995e8200e339b3f2a5b601cbb1b54e0d19ec129b5e8253f34f187a53c2fbc69a7ec3df

memory/7932-773-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/7932-774-0x0000000000020000-0x0000000000CBA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

memory/5848-804-0x000001E89DCF0000-0x000001E89DDDE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

memory/4528-806-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/5848-815-0x00007FFCF7420000-0x00007FFCF7EE1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 c067b4583e122ce237ff22e9c2462f87
SHA1 8a4545391b205291f0c0ee90c504dc458732f4ed
SHA256 a16dbcd03a7549fbaf7cad1bedd01dcb961a5d43c873f1d1a50892618a06662e
SHA512 0767cba9f10154b4e28cf6a55b6fc827a96c4fbc88e2d67acd645a0a7a604a3beb63ea58d7febcf8b17de1ea3d2097e76ceac1b36b9fecf9a0945a31a9e211c3

memory/5848-819-0x000001E89FB30000-0x000001E89FC10000-memory.dmp

memory/4528-817-0x0000000007890000-0x00000000078A0000-memory.dmp

memory/5848-821-0x000001E8B83C0000-0x000001E8B84A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

memory/5848-826-0x000001E8B84A0000-0x000001E8B8568000-memory.dmp

memory/2112-822-0x0000000002830000-0x0000000002831000-memory.dmp

memory/5848-829-0x000001E8B8670000-0x000001E8B8738000-memory.dmp

memory/5848-832-0x000001E89FC30000-0x000001E89FC7C000-memory.dmp

memory/7932-833-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/4008-834-0x0000000000400000-0x00000000004AA000-memory.dmp

memory/4008-836-0x00000247B0250000-0x00000247B0334000-memory.dmp

memory/4008-837-0x00007FFCF7420000-0x00007FFCF7EE1000-memory.dmp

memory/4008-839-0x00000247B0360000-0x00000247B0370000-memory.dmp

memory/5848-838-0x00007FFCF7420000-0x00007FFCF7EE1000-memory.dmp

memory/4008-840-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-841-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-843-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-845-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-853-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-858-0x00000247B0250000-0x00000247B0331000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 de0f4b7c3404848c282c5c8be9f82a0f
SHA1 c479b395a919a7dd19be93b596e45c023da6c0a8
SHA256 f11d291f61c3206f27310c3808d9a339cbc5225717962724ab17948e2b710256
SHA512 11eb9862f71b1cfdb8ab3796207bfec8dc0a3379795864c53114911afabf9b8e3ce7f7d7d8987a3fb6b2f585b91f001de3981346755e616c383e89a6929cea0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584532.TMP

MD5 74110614b19bdc3216e69d7e68fecd84
SHA1 0d2f3c4d0020cd6538a507e7e72fdd0e6526054f
SHA256 85c558843eda7bd5a17e711f8275d76c487e37161fade52ea0e6f61525d89392
SHA512 bdca6a84d3525890fe4b994c60fb755c6f3ba35b63b153b6d84bf4998493852b41de6c55fc2849c547882ac67adcf11a5b7554a7dcc8d0a691b1a7a990887731

memory/4008-860-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-862-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-864-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-866-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-868-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-871-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-873-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-875-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-878-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-880-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-882-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-884-0x00000247B0250000-0x00000247B0331000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\f5677080-a7f7-497e-8f7f-7526d20253fb\index-dir\the-real-index

MD5 6210fca85edecd2d7927dc4d711fbba2
SHA1 16e71936952cb4331316b54602aca341def33963
SHA256 2438a4a07b3f34b4740e3f622cd413733275174d2200c1b40e2640873f9dfac7
SHA512 3c05c2e0c65d578b704666ede41a2f935d13b192dcaf6c4b09bcfc6ffbc360833c0a6aa0073ac340c1a40528c56be6eb336c54988ba8fa3fe52e417453a72ab0

memory/4008-904-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-906-0x00000247B0250000-0x00000247B0331000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\f5677080-a7f7-497e-8f7f-7526d20253fb\index-dir\the-real-index

MD5 da0ff54591cc2c0c754c868937450b37
SHA1 bf83db9784b70cb4d90ae2f77441a548782be7f5
SHA256 a19ec9843b61120bf93b717883a97b8602098df3afe989188db0a9b951e6b948
SHA512 5d707969ae950d2d90a3c985722335cadeb4a7cc307991719583064b76e97a73ed50038b749645c60f09aff43f7c71ebb7ce38f3e87e650b159e9ee3a0a9365a

memory/4008-908-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-910-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/4008-912-0x00000247B0250000-0x00000247B0331000-memory.dmp

memory/6460-924-0x0000000000950000-0x0000000000A50000-memory.dmp

memory/6460-926-0x0000000000810000-0x0000000000819000-memory.dmp

memory/5140-930-0x0000000000400000-0x0000000000409000-memory.dmp

memory/2680-939-0x0000000002B00000-0x0000000002F05000-memory.dmp

memory/2680-943-0x0000000002F10000-0x00000000037FB000-memory.dmp

memory/2680-946-0x0000000000400000-0x0000000000D1C000-memory.dmp

memory/5140-1216-0x0000000000400000-0x0000000000409000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d85aeabe579d60a76cf4513f9f5b8e17
SHA1 0703cd4d2fde54a2446a60bf519c38f784de04e4
SHA256 c633156fc5e56c74b7cf63ad254067c8f96ee05ab4fada77fedf8faa2a496d7c
SHA512 772ab0730e3c4335fde01aac736d076813e4a17f93f791c78a5841e7868d8c32a5b7c9a49067e4efa8f9a9844666339d8deb38c104409d4cf7c585c02261474c

memory/4540-1453-0x00000000049C0000-0x00000000049F6000-memory.dmp

memory/4540-1458-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/2112-1461-0x0000000002830000-0x0000000002831000-memory.dmp

memory/4540-1460-0x0000000004B50000-0x0000000004B60000-memory.dmp

memory/4540-1464-0x0000000005190000-0x00000000057B8000-memory.dmp

memory/4540-1463-0x0000000004B50000-0x0000000004B60000-memory.dmp

memory/4540-1479-0x0000000004F80000-0x0000000004FA2000-memory.dmp

memory/4540-1488-0x0000000005120000-0x0000000005186000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2cogegdz.wpl.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4540-1495-0x0000000005B70000-0x0000000005BD6000-memory.dmp

memory/4540-1501-0x0000000005BE0000-0x0000000005F34000-memory.dmp

memory/4540-1525-0x0000000005F40000-0x0000000005F5E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 4229de0838570a1496750f9a563fcdc1
SHA1 51fac33e5c380e056d297c66f45355db3d035ba2
SHA256 a77d6ae00b75ad836c6297598f6b511608458424e7149771cbea4e3891663436
SHA512 973e4df47369894bec6434b0c27201a0e6a90beb69a5f918ddab3e2d9bad4c15e9a929263cc1a135c5259cf6544f64150eee80e3c5e9f3544f9d8fd59f659d69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\29bd08ea-3751-4a9e-adc6-dc9e0b34f14b\index-dir\the-real-index

MD5 766b22776fd570d707ac139d694f23ed
SHA1 cd39df4269ab423c5968b8f32f25a38f65dc8a5a
SHA256 84d32bc07b8bb65a0fe5be283f936976a62c196d678469bfb1a22cefdec69382
SHA512 bfb643ce70eeeba961ad22ca9cb0a47abb7c217b2e447abb0aa47e3771e20f84b0cb7d475878e78dfcd4156796b13c27a156e9b22bd5597718d7ea43c4e6bc89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2cf4688450cb0548a69b0318a0b8470f
SHA1 a555dea8148621b166c1d0530b6d809640962db3
SHA256 c1e73620e6f2fd96f5701d987c3d346d31c7f5027ce4db8706c320ef361f832e
SHA512 10aa51498a6c2fc67334cde0044df381317fc98576a7d9cc00d18b7da34d8a85ea53ebf7f28624e0911ff992d78d96e989666a95f4b39c106bb4b951404fd555

memory/4540-1596-0x0000000006510000-0x0000000006554000-memory.dmp

memory/4008-1615-0x00007FFCF7420000-0x00007FFCF7EE1000-memory.dmp

memory/4008-1616-0x00000247B0360000-0x00000247B0370000-memory.dmp

memory/4540-1622-0x0000000004B50000-0x0000000004B60000-memory.dmp

memory/4540-1629-0x00000000070A0000-0x0000000007116000-memory.dmp

memory/4540-1650-0x00000000079A0000-0x000000000801A000-memory.dmp

memory/4540-1651-0x0000000007340000-0x000000000735A000-memory.dmp

memory/4540-1676-0x000000007EEB0000-0x000000007EEC0000-memory.dmp

memory/4540-1678-0x00000000074F0000-0x0000000007522000-memory.dmp

memory/4540-1680-0x000000006DC30000-0x000000006DC7C000-memory.dmp

memory/4540-1694-0x00000000074D0000-0x00000000074EE000-memory.dmp

memory/4540-1683-0x000000006C770000-0x000000006CAC4000-memory.dmp

memory/4540-1696-0x0000000007530000-0x00000000075D3000-memory.dmp

memory/4540-1709-0x0000000007620000-0x000000000762A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 de3e9fb66a0f88838bbe7ae82fc520bc
SHA1 1bfed607b5b9f62f7895423c6c3ca20be19bd1aa
SHA256 e1f32e18054ec40e506716df1a7e8c247248596232869540261bb3a0112d766d
SHA512 488e9c7ba723c0025a828728204dddec00ba3d0378277e68b2d75fcb16b80c832b7e34b9d3c40f6da9526d4330db47aacba82cf93419be6dbfb70125dd8119bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 05a3d648344496af46d4d9ce84055fa6
SHA1 378361df4b123444a551dd8cc5d9545cef3179a0
SHA256 473d8718afc9574cfa45c23f0fb79266fa267c3488150a43491f7f7726763f61
SHA512 93960fa90a95f39109cef9da0bd45d0c5f1abbc7de3b115cc913fa0163e9d735fcaab7f3d3fbfaaabd5b0f8a561557fa55ede941455838e0d4edc991098ddde0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 16a9eb6ddb655d0332df441c6c83aac7
SHA1 273b32f9284798b3fa9fd9e1dbbecbac5b58a297
SHA256 a1381bb3b7f508b5eea98681335c3e4634f0cb9d364ba5f784ce6078b28014d9
SHA512 4b56b2a6730ddbe8a84d0fcd2ae0fc21977fb7ca9a25b4cf1a05927f48805fc807009152083b34f1979a06d077f236986f8fbc7eae34c7e2916ae98a08cae886

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8f38a7d54d811353b9293a322afdf5a9
SHA1 534332d7a6006e1b43667a5c15c9a27c27a81121
SHA256 8255024d55986d105928ed992ab6599c19c7a5320cb58d6802a5e52ed67f14cd
SHA512 693aa3e1459768d5d472d46e213c7276a3db09204e34f1969885f8720a2a073365d6d9dcfffda48b12037e2fe7748710dd7c084755256eacc823a59a235a876b

C:\Users\Admin\AppData\Local\Temp\tmpD4B4.tmp

MD5 4bd8313fab1caf1004295d44aab77860
SHA1 0b84978fd191001c7cf461063ac63b243ffb7283
SHA256 604e2ecd34c77664dae4ceb0dab0b3e4bb6afb2778d3ed21f8d8791edd1408d9
SHA512 ca96d92a8abbd3a762e19f8e77514ee0018b7e5dc21493c37e83e22047b3cc892eced2fc80b78e6861bb972e20b93007eb46bcb7b562965be2bfa98a24c2ed65

C:\Users\Admin\AppData\Local\Temp\tmpD48E.tmp

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\tmpD514.tmp

MD5 32cdd1f439ff299bf5e35a20c9833db2
SHA1 eac4d96ec2e9590d8e8b48929630854678828ec9
SHA256 870b7f3fc811f1dde721e4132218676aedef6f007deb43d2d796276efd371fba
SHA512 758729c9f6603669dfeea1e645599586a000d8d57f3f326b23cb65ef718c08b70e72d45f6a0b2367b486bd784833cae6f8933ded98f6b6735b9d02f14f374f9c

C:\Users\Admin\AppData\Local\Temp\tmpD4FE.tmp

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

C:\Users\Admin\AppData\Local\Temp\tmpD5AE.tmp

MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA512 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

C:\Users\Admin\AppData\Local\Temp\tmpD564.tmp

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6724f0654deb8cfdb8079ccd18c7cbaa
SHA1 684e8c76c76c315bd46c61799af5c3779c969263
SHA256 203f2840c0a9804639c646d9a13819f2e5392cd451ba8dbbaa8440fee19861be
SHA512 20d12e246d248734f9fb858ba12b469d5f1d0b68f0bde2114d64a23212d467c8fd6d82c02ce352d92b83e3b2ceb8c09b169411cfa0b2bb07341c1fea268d1b49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5c950c341d5705c216bde21ee61c52be
SHA1 95b554ccb8156047567da35937800dab4e8de250
SHA256 e9e6f22b040d35e9373d6383ac9e9fe0d53534d395da009c763c816de02bcec8
SHA512 a6d3042ad286e719c04a1c36e14b0af9a58b32cfbf7173c49577cc106312644a72c036eca3f434c13b7f9a7b1db9d31e0235fe2efe464eab7234316269173b7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 320192334eff0451cbaf0b2876b1c576
SHA1 395b3980f09d620a662ab54b4be99f31ecd43446
SHA256 a6fbb918dcfd0382c32f5ae106aa62098a2b0aa3b3aa7c32ef4ac43786ea8e12
SHA512 230546b960038818540bf7502ed18d20136129217496e5f1c2c2df014828676f629476a2ea2cada65f0e57de1189f465fc88e41767736104938eedc1b9f54646

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 893976cf4874291aae817028a78edfe8
SHA1 20c27d8dc168327c04ea4407d2c00c501778ef2c
SHA256 7031fd130ed286bf8ccbb66cc4ffd206c056b0621c441998c7b55b7f90b7b281
SHA512 f4fcc4be551a7a44dbb0168984ee08624e4d89fa59597948621a0b510071a5ffa00ac8af638a4a215dedc1d8b0dfb973a27f5a4efc4147bca31db328787a0874

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 33e86c9182df7d8147a80a5d173709bc
SHA1 db4771230c06cf14a7b79c224b1a5a91adae487e
SHA256 23863ae5cf52dc1c98ad761a505d782da28be69cae34def03b417ee077479436
SHA512 94bc2545ce98d4159f9bef78dddb1a1fc4de742e70ebe5e75afcb8defa1297c346a4e900e961916f7e1cc1b657a48444fc4583caa15ca75a20a4c48eeb05a91c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 74aa738357fe5443352992f5b3ff03b3
SHA1 53ad4b33b84fac85258b8be177194e7b0120c80f
SHA256 f2345cfacc139e32f48db937a0cf0bc80cf887185ebfee8a6ae1e2b59785c3ea
SHA512 b01c182443ee2fc66c074e31e18ce05c1abbe4b458b68e6bbf55789d95ed0fd63b75c2900995e048662db2a5ee6d55f56110c803873c3f3a37c8462292ed2a0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe594d99.TMP

MD5 2a46cfaf4ceb216d7e8498769c6d5a16
SHA1 9abdcbf25f530a7665a91bc22cc79f2be5125c40
SHA256 b5c4f11a86f0a67684b3dd6baa3311a161442ed37a3f5c558d514db69cb4b8b7
SHA512 c9393ca17242eaaf4460d0c5445c6e682016bebb6eb032e975d551b0db62b0c3217ae1e3092d64df902bdb308bc0dbe9bce2b1da7eade89f7d249a6405d7ded2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\424126c6-0562-4d13-9192-edfae5b9e361\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 96feaf8c3a09d87bf97fb6aa00ccb175
SHA1 51774a4d50695bd4259c36e8816b0d9d271b4706
SHA256 2fc7c18e75c4028577c9dec044a840efeab2ca9f069fa40750f9562e2659cc49
SHA512 e4f7e0e4a872f05fdae75662500b013c17889b01f011eb01b6d4a87babccdcab42f16503df4ac1f51443a9718de51a006c78bd08f7629f38ad25e695934ef790

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 374a92c117fa0d82c794dc9f39652595
SHA1 dcbedfd475deb7b1853f422a4bfd9d5566d3e6c5
SHA256 d1fdb4bfb976681b66147f1e87bd2bad075fd8bda6cb0f691e80a74faaf683c8
SHA512 1955adf9450a18ceb689a735ed779c46d5c31579ed04d1dbd811396014832c97222353fbb6d3a97fa960d18472b64f9d06d8187de29b90bb514fd968eadd3d55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 05c942bb5375579bba7f54f6a39780e4
SHA1 796b91bc77ff8d03ad174b87692ee792a6cec690
SHA256 b27d1441a81062e239fdca40151a50852aec286c37161ab064b288a583ec2b66
SHA512 e960dbbe07b4dd359d423b3bca31aab001d355a13c339ffcd97114563e801259753e48e8bfe1f9bef530df57a69b7711eff56a36f8eac8354b5963dc8585d8b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b524e15e74a2e9d0a9ae3b3ca5131a89
SHA1 24b3c4fc1e06ea2da680f31a6419710f559cf33c
SHA256 39ebcc5616e357f79be523e582cd813022b977e649acb8169a0fc672c403583d
SHA512 91bed93871f472719a0721b5dda93677dce0ecc798d4f4adc84646d1c28aad7beb2f74aae0cd354d6d8b1465cb692733ada9231c704455feb461797073bb314f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a023cf7630636dfd5ee80c8409955d89
SHA1 44ee27ecb9e9714cc50a972bdde0ba7dd46770fb
SHA256 8a94767b6d4d3a11be940417a77ea7bf42c2f314625aacb9fd4c6538339b9c44
SHA512 50003e60ec1a952de7df63c97c6bde9e540b249469e1660812c1fad32e0a875018a25786b5e93248ea2ef61380cd0f46c95d11e2464ee71010d9ec05d89fedbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bd413477b91aa1ff3ae421c6240aa79a
SHA1 8d8018cc7a7be32afa550786131ef94a2ab9c340
SHA256 c087f98d7a6467935572de966a716d202d7aae2e5f1fdc7f95e373af9734b31a
SHA512 e0b781af8fd6a6827603c2687d3e22fd75498989761f7d217f489cf9502bb4f1b44a5feeec72480b5fa56eafe0542e0946172f05997e75894dc3efb3d0aa5f26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 08699e75bc2898a1b273753c6e57013e
SHA1 3ea8d3f9e7b75c05d327e3d3b43a2d4fee672575
SHA256 dc9ced7221f0a69e4ae0b0b3991cf73e252c759baec19129faf470ce48240c0f
SHA512 9b45e923e9f9c1b539c68b545cfb91ca96fa5cebeb912b4035d89c20a7c4ccc4503e9b291cfb3b1d679adb79c7bcce7263c7d04c1c14914395ef6845cc803487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1fb17a57-c9db-4abb-b52a-dbd63a2a175f\index-dir\the-real-index

MD5 e0cd387ee49f5893e73ddfb46230bff9
SHA1 99e8e32be2b8c5207b854ae07bb7868787cf2c49
SHA256 ce3757f6719c3bc1e17628e27dba8672be02cf684d9329f91ab56554de2b2f45
SHA512 0659cb28ff03c347aff697970d0aad9376122d5f096614542d910884f011bd7251a470a922b46cf9cfbb7cc9a53aa973361d8f6a1093b891fd632f42e46d3b5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1fb17a57-c9db-4abb-b52a-dbd63a2a175f\index-dir\the-real-index~RFe59c47f.TMP

MD5 4e8ea8b4381b1fb18e5591d217458d56
SHA1 786fe949a905ed8492a21c8413cc0388ffe96458
SHA256 877dba61ef4b73002ca5ea2209287aa11a1feecc2e8a4616ad79896b1683399e
SHA512 818d8cf8648f04f08543ef47b226a41da72a58c1c8d5481c99d9ca313d3b07bde804a1ceb4b12cc29174c3dacec987962308af1af302260e622eb4979a515338

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 39e5e9de9106206ed46d5d29c13a5904
SHA1 dfcf18c794526ba1f4006bce3bb7d030a4236702
SHA256 50d5a1d23564491dbb5ccd208b6251336ff09e85601ab7e32601c4dbd68e8747
SHA512 818fcbae448fa041e4558cd7326e2fa64bf835641dbea8a31a85e4e3b03fe70ebbbe0ef1bc28c937271148d05fdb10a5933dc126f8777a99ece9272c2ed2a44c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8be55daee29cb1ac4ed8c30dec1ade15
SHA1 287e1d65b0e348404265253e12c30c68fb5bf415
SHA256 0e0720f05db26d86119986601d1b88829974128acd23078ee549ce8efdf9c1ea
SHA512 96895e896f8251ddf11a99f1c4cf4e40667c170766dfec58a104ee93fca3884c0e705349c4d5f5b274aaddc93bab3c3fc3efa7e27bf7e12803de4a2f0df5f272