Malware Analysis Report

2024-11-13 19:09

Sample ID 231111-yfwbpsbc7v
Target f658bd48724915663fe4ff16df8b47b52fe647d8ec0e79d3da8a2399bb579556
SHA256 f658bd48724915663fe4ff16df8b47b52fe647d8ec0e79d3da8a2399bb579556
Tags
glupteba mystic redline smokeloader zgrat taiga up3 backdoor discovery dropper evasion infostealer loader persistence rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f658bd48724915663fe4ff16df8b47b52fe647d8ec0e79d3da8a2399bb579556

Threat Level: Known bad

The file f658bd48724915663fe4ff16df8b47b52fe647d8ec0e79d3da8a2399bb579556 was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline smokeloader zgrat taiga up3 backdoor discovery dropper evasion infostealer loader persistence rat spyware stealer trojan

Detect Mystic stealer payload

Detect ZGRat V1

RedLine

RedLine payload

Glupteba

ZGRat

SmokeLoader

Glupteba payload

Mystic

Stops running service(s)

Downloads MZ/PE file

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Launches sc.exe

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 19:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 19:44

Reported

2023-11-11 19:46

Platform

win10v2004-20231023-en

Max time kernel

74s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f658bd48724915663fe4ff16df8b47b52fe647d8ec0e79d3da8a2399bb579556.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\BB9A.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\f658bd48724915663fe4ff16df8b47b52fe647d8ec0e79d3da8a2399bb579556.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe N/A

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\BB9A.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2404 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\f658bd48724915663fe4ff16df8b47b52fe647d8ec0e79d3da8a2399bb579556.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe
PID 2404 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\f658bd48724915663fe4ff16df8b47b52fe647d8ec0e79d3da8a2399bb579556.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe
PID 2404 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\f658bd48724915663fe4ff16df8b47b52fe647d8ec0e79d3da8a2399bb579556.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe
PID 4148 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe
PID 4148 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe
PID 4148 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe
PID 3716 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe
PID 3716 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe
PID 3716 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe
PID 2356 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe
PID 2356 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe
PID 2356 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe
PID 4736 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2156 wrote to memory of 1144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2156 wrote to memory of 1144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 948 wrote to memory of 3964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 948 wrote to memory of 3964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2984 wrote to memory of 4668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2984 wrote to memory of 4668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3440 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3440 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 888 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 888 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\f658bd48724915663fe4ff16df8b47b52fe647d8ec0e79d3da8a2399bb579556.exe

"C:\Users\Admin\AppData\Local\Temp\f658bd48724915663fe4ff16df8b47b52fe647d8ec0e79d3da8a2399bb579556.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffe1c8e46f8,0x7ffe1c8e4708,0x7ffe1c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe1c8e46f8,0x7ffe1c8e4708,0x7ffe1c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x164,0x174,0x7ffe1c8e46f8,0x7ffe1c8e4708,0x7ffe1c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffe1c8e46f8,0x7ffe1c8e4708,0x7ffe1c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe1c8e46f8,0x7ffe1c8e4708,0x7ffe1c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe1c8e46f8,0x7ffe1c8e4708,0x7ffe1c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13311579382791091049,16802179786755667009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,13569128180801420712,14852307194370670504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,13569128180801420712,14852307194370670504,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x144,0x170,0x7ffe1c8e46f8,0x7ffe1c8e4708,0x7ffe1c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13311579382791091049,16802179786755667009,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,14621915382194139006,12972315495326315250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14621915382194139006,12972315495326315250,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe1c8e46f8,0x7ffe1c8e4708,0x7ffe1c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,14228093413542533412,12817236161872148496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe1c8e46f8,0x7ffe1c8e4708,0x7ffe1c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe1c8e46f8,0x7ffe1c8e4708,0x7ffe1c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2eY4396.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2eY4396.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6912 -ip 6912

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8sT689HF.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8sT689HF.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9EE3QR1.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9EE3QR1.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10093553649472409968,15444580852720713121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2988 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\BB9A.exe

C:\Users\Admin\AppData\Local\Temp\BB9A.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1c8e46f8,0x7ffe1c8e4708,0x7ffe1c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,1539667073351531881,170814473985086044,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,1539667073351531881,170814473985086044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,1539667073351531881,170814473985086044,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1539667073351531881,170814473985086044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1539667073351531881,170814473985086044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1539667073351531881,170814473985086044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1539667073351531881,170814473985086044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\47C.exe

C:\Users\Admin\AppData\Local\Temp\47C.exe

C:\Users\Admin\AppData\Local\Temp\884.exe

C:\Users\Admin\AppData\Local\Temp\884.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1539667073351531881,170814473985086044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1539667073351531881,170814473985086044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1539667073351531881,170814473985086044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\884.exe

C:\Users\Admin\AppData\Local\Temp\884.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,1539667073351531881,170814473985086044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,1539667073351531881,170814473985086044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Users\Admin\AppData\Local\Temp\ACC4.exe

C:\Users\Admin\AppData\Local\Temp\ACC4.exe

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 steamcommunity.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 34.203.135.243:443 www.epicgames.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 243.135.203.34.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 91.119.177.108.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
NL 199.232.148.158:443 video.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 104.244.42.197:443 t.co tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 172.217.168.214:443 i.ytimg.com tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 214.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 2.18.121.145:443 store.akamai.steamstatic.com tcp
US 2.18.121.145:443 store.akamai.steamstatic.com tcp
US 2.18.121.145:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 apps.identrust.com udp
US 54.205.234.65:443 tracking.epicgames.com tcp
NL 23.72.252.171:80 apps.identrust.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 104.21.53.57:80 killredls.pw tcp
DE 18.66.97.82:443 static-assets-prod.unrealengine.com tcp
DE 18.66.97.82:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 145.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 82.97.66.18.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 2.18.121.135:443 community.akamai.steamstatic.com tcp
US 2.18.121.135:443 community.akamai.steamstatic.com tcp
US 2.18.121.135:443 community.akamai.steamstatic.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 135.121.18.2.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
RU 5.42.92.51:19057 tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 104.21.53.57:80 killredls.pw tcp
RU 5.42.92.190:80 5.42.92.190 tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
NL 194.169.175.118:80 194.169.175.118 tcp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
US 194.49.94.80:42359 tcp
US 8.8.8.8:53 80.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 126.177.238.8.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
RU 5.42.64.16:443 5.42.64.16 tcp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 bluepablo.fun udp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 92.180.67.172.in-addr.arpa udp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
US 8.8.8.8:53 28.26.214.95.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 172.67.180.92:80 bluepablo.fun tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe

MD5 ba40e4ffcb06c0f900b2ca4fe0318b6c
SHA1 99ca465c2c8579d750ca863514416a8c78fcb4af
SHA256 5334772944a2fe41433ac2dad31383168b09038d43fa24bd9f4e8067f713db8f
SHA512 534e192b0dea5cd0ba364b9d643ec0ef438d71460f7977258c628b76ae7f5c797e231cc238ca5bde463ff0e7662f754421d17e9de3e6a9b55726ae29d4af6496

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe

MD5 ba40e4ffcb06c0f900b2ca4fe0318b6c
SHA1 99ca465c2c8579d750ca863514416a8c78fcb4af
SHA256 5334772944a2fe41433ac2dad31383168b09038d43fa24bd9f4e8067f713db8f
SHA512 534e192b0dea5cd0ba364b9d643ec0ef438d71460f7977258c628b76ae7f5c797e231cc238ca5bde463ff0e7662f754421d17e9de3e6a9b55726ae29d4af6496

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe

MD5 b9f8e077ee394680cc79d96ddd821890
SHA1 2229da3a2b888fa2cda2463c9f63b97443d99cab
SHA256 964e80d6ac91f571eb7ab1cf46ba8049f5950f8fabbfb5ed9c319b3414019491
SHA512 34501a516828435647a4dabe05665d547136b5eba28959076146005f5d32b748076ed220678cba4a2d41e96dc06047e281da0ac2e2f0351bb76a52760d197bd4

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe

MD5 b9f8e077ee394680cc79d96ddd821890
SHA1 2229da3a2b888fa2cda2463c9f63b97443d99cab
SHA256 964e80d6ac91f571eb7ab1cf46ba8049f5950f8fabbfb5ed9c319b3414019491
SHA512 34501a516828435647a4dabe05665d547136b5eba28959076146005f5d32b748076ed220678cba4a2d41e96dc06047e281da0ac2e2f0351bb76a52760d197bd4

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe

MD5 31ea9b9b0c39803ee73cba2db1784d84
SHA1 a1170c46a448329a0022b17d0df8f0809fa4ccb0
SHA256 1072253a8c4596107625e3d5f689e39d5c3c3d6b7943a6dd1bbc5718c4d8cb68
SHA512 9e64d824db052f58bea5ed2d6dcf04cf28468d714e842338fddda1687a75693288e68209fa4443d0c5825e2bceae3f39a87c5ddea769361c6b18370284cd9686

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe

MD5 31ea9b9b0c39803ee73cba2db1784d84
SHA1 a1170c46a448329a0022b17d0df8f0809fa4ccb0
SHA256 1072253a8c4596107625e3d5f689e39d5c3c3d6b7943a6dd1bbc5718c4d8cb68
SHA512 9e64d824db052f58bea5ed2d6dcf04cf28468d714e842338fddda1687a75693288e68209fa4443d0c5825e2bceae3f39a87c5ddea769361c6b18370284cd9686

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe

MD5 ab83daf58f2e04dd51a019da6d634db3
SHA1 a961dc67503b7e5662a9c9d0f08ad59f665a31f4
SHA256 e16b03c1afa0e26d4e186f2f4946b45af202307d3ad26e4daa7d5192ce2e90a7
SHA512 0b3fe6b87a915b1f5d1fd9ea8fdfb9234cb3272ac9c19a7ecc1acb33a4908b130a7d114897ab89da2460686c4f39fe3c42a7cb31d899551313b7a541cd776224

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe

MD5 ab83daf58f2e04dd51a019da6d634db3
SHA1 a961dc67503b7e5662a9c9d0f08ad59f665a31f4
SHA256 e16b03c1afa0e26d4e186f2f4946b45af202307d3ad26e4daa7d5192ce2e90a7
SHA512 0b3fe6b87a915b1f5d1fd9ea8fdfb9234cb3272ac9c19a7ecc1acb33a4908b130a7d114897ab89da2460686c4f39fe3c42a7cb31d899551313b7a541cd776224

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_2156_TNWQYEDEWVQTNLUR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_948_OBVRHEWTMBEZWUNA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4656_YHHRYNKMZAQYMKOP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 60bdcdacdc1e18ece44c5be7babea402
SHA1 4aaca2795fa11f7ed0b94cbb2aaf90a902820b3c
SHA256 fdc0935e9f5d8c57c71aa80a90b29f109b09b4315f6ae551d15266e1b09926b2
SHA512 22de7e34dd430de8c58b618aa025edb0be1cae499600635bfb5b4519f44e10b321c51d0d2cb358147896492381e89a6ba628a2d922bc6967cdc41e480bfbf7bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 59fa2a60b92465d1db3d05672d6b1c2f
SHA1 9893a911fe93192007f9c25268333a504d433d55
SHA256 910ac2aefa18cdd70c69870c9aac92feb92385d4785affb0fde6a0b0e8ba4678
SHA512 baf8f5e5f2bb83d3655309ffe1755937c558a274854d93e543bb15cd2699a986f27eb2c36fbaf00c944ba5e01f2fb479e1d75cde44be64132ec0ffcfce9171a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cef5b0427a00e268ca20c62fd61acad1
SHA1 5f037f0963b48dfddd2b71426779fa88784f8da1
SHA256 83fbc36cb75384048d12af5a5e5668820c13bb9d07b730c97d573d9309ac80b7
SHA512 9c13b51fedf90ee6a96ca1b2420a9411a2d0a03ef71d81f38453625ec518f172b11f1ade80a8d5b6c6dd2f37d53551fee0dc3f738a41649d87f9b5b36bce4bc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cef5b0427a00e268ca20c62fd61acad1
SHA1 5f037f0963b48dfddd2b71426779fa88784f8da1
SHA256 83fbc36cb75384048d12af5a5e5668820c13bb9d07b730c97d573d9309ac80b7
SHA512 9c13b51fedf90ee6a96ca1b2420a9411a2d0a03ef71d81f38453625ec518f172b11f1ade80a8d5b6c6dd2f37d53551fee0dc3f738a41649d87f9b5b36bce4bc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 60bdcdacdc1e18ece44c5be7babea402
SHA1 4aaca2795fa11f7ed0b94cbb2aaf90a902820b3c
SHA256 fdc0935e9f5d8c57c71aa80a90b29f109b09b4315f6ae551d15266e1b09926b2
SHA512 22de7e34dd430de8c58b618aa025edb0be1cae499600635bfb5b4519f44e10b321c51d0d2cb358147896492381e89a6ba628a2d922bc6967cdc41e480bfbf7bd

\??\pipe\LOCAL\crashpad_2984_JHLCSAZSHZQYQYXB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 59fa2a60b92465d1db3d05672d6b1c2f
SHA1 9893a911fe93192007f9c25268333a504d433d55
SHA256 910ac2aefa18cdd70c69870c9aac92feb92385d4785affb0fde6a0b0e8ba4678
SHA512 baf8f5e5f2bb83d3655309ffe1755937c558a274854d93e543bb15cd2699a986f27eb2c36fbaf00c944ba5e01f2fb479e1d75cde44be64132ec0ffcfce9171a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9536b79cc42e80c3b7e2618edf8984ee
SHA1 3a7ddd9328afdf8237b9e6d22f9c947d0078dc5c
SHA256 7b943e4d2a7bca4313526c715e2dd22931d73b1d964362157dbe6c1308be281d
SHA512 c34295d55e710f8e1d21db213b4d6de58e4786b7bba3c1cdf680510be9f9d2ef14053888560ae290e298ed77be9656fad3b2725016b4423d276d0aeb92cc885b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9536b79cc42e80c3b7e2618edf8984ee
SHA1 3a7ddd9328afdf8237b9e6d22f9c947d0078dc5c
SHA256 7b943e4d2a7bca4313526c715e2dd22931d73b1d964362157dbe6c1308be281d
SHA512 c34295d55e710f8e1d21db213b4d6de58e4786b7bba3c1cdf680510be9f9d2ef14053888560ae290e298ed77be9656fad3b2725016b4423d276d0aeb92cc885b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 60bdcdacdc1e18ece44c5be7babea402
SHA1 4aaca2795fa11f7ed0b94cbb2aaf90a902820b3c
SHA256 fdc0935e9f5d8c57c71aa80a90b29f109b09b4315f6ae551d15266e1b09926b2
SHA512 22de7e34dd430de8c58b618aa025edb0be1cae499600635bfb5b4519f44e10b321c51d0d2cb358147896492381e89a6ba628a2d922bc6967cdc41e480bfbf7bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cef5b0427a00e268ca20c62fd61acad1
SHA1 5f037f0963b48dfddd2b71426779fa88784f8da1
SHA256 83fbc36cb75384048d12af5a5e5668820c13bb9d07b730c97d573d9309ac80b7
SHA512 9c13b51fedf90ee6a96ca1b2420a9411a2d0a03ef71d81f38453625ec518f172b11f1ade80a8d5b6c6dd2f37d53551fee0dc3f738a41649d87f9b5b36bce4bc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 59fa2a60b92465d1db3d05672d6b1c2f
SHA1 9893a911fe93192007f9c25268333a504d433d55
SHA256 910ac2aefa18cdd70c69870c9aac92feb92385d4785affb0fde6a0b0e8ba4678
SHA512 baf8f5e5f2bb83d3655309ffe1755937c558a274854d93e543bb15cd2699a986f27eb2c36fbaf00c944ba5e01f2fb479e1d75cde44be64132ec0ffcfce9171a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1272c3112250da86430164a5d92dc22b
SHA1 0d5c4286aeffe1b871d1c3c39801464bcaafbd39
SHA256 cc613c4cc5aecfe4236ea00cdb37ea8247e49ff400069e70f7eb4339dbe105ef
SHA512 9059ebdffbe9b9ecfe48a8274e3bc0382eba1ed8c111ce1eaf0c44a4e3f2c33fdf5c1560b6e49ae2e9395317f99ca2d21a9f2681bac8014f9e344fd737936ce1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2eY4396.exe

MD5 c6e1cbf4c69ab7d8440685e1d847721f
SHA1 dac541efad2b6350640f6b0e5c633ee195a18aef
SHA256 197df032066100c7ec18f878edf321c39a5d048519a8e02944544529d3dcd379
SHA512 89cace6d18012803012333a3d01812013d6eab0db953ac4960079f416f48e19a61a4cd66d14fafb9af98cca0ba9d24a6988929f2c90ec5f6e51ee5941e34ac90

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2eY4396.exe

MD5 c6e1cbf4c69ab7d8440685e1d847721f
SHA1 dac541efad2b6350640f6b0e5c633ee195a18aef
SHA256 197df032066100c7ec18f878edf321c39a5d048519a8e02944544529d3dcd379
SHA512 89cace6d18012803012333a3d01812013d6eab0db953ac4960079f416f48e19a61a4cd66d14fafb9af98cca0ba9d24a6988929f2c90ec5f6e51ee5941e34ac90

memory/6912-211-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6912-214-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6912-213-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6912-217-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

memory/5280-220-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9536b79cc42e80c3b7e2618edf8984ee
SHA1 3a7ddd9328afdf8237b9e6d22f9c947d0078dc5c
SHA256 7b943e4d2a7bca4313526c715e2dd22931d73b1d964362157dbe6c1308be281d
SHA512 c34295d55e710f8e1d21db213b4d6de58e4786b7bba3c1cdf680510be9f9d2ef14053888560ae290e298ed77be9656fad3b2725016b4423d276d0aeb92cc885b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9e2f5bfb188452b7aee0464359f68775
SHA1 a59729afa885c8d615660568c398500846d0cbc1
SHA256 ccf0d7b11835412ac3d00ab26acb331e466779468e818d987ee22c1ad565e175
SHA512 b2fab78839b8eda2e42e3c4df798b88f2f4697d48bdffeddf178cbb6edeedc1a052d02b836fcda4b62f62bfa07ffa36b56a8b1043a74a1265205e115151b2c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c188c53e448e2d2fc8a48f3d2316f00a
SHA1 f09ff34afef78fa360aa3f8b4f860c032581c92b
SHA256 c635d70ecfcda8e4f5acd276006801c7d4fcb996042f4215f89fda35985cb10c
SHA512 6f60fcb3c3e859bf9e4e816c2a197f5a99fdc53d3e156445355ac63eb40975b17c82d5427162e1c311bc92885a82e139576d833970d3a315c8c7809010f4b51c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

memory/3292-267-0x0000000002A80000-0x0000000002A96000-memory.dmp

memory/5280-269-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8sT689HF.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

memory/3880-277-0x0000000000400000-0x000000000043C000-memory.dmp

memory/3880-281-0x00000000742F0000-0x0000000074AA0000-memory.dmp

memory/3880-282-0x0000000007C00000-0x00000000081A4000-memory.dmp

memory/3880-283-0x00000000076F0000-0x0000000007782000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b6086a52cc0d58501a56e008e5cd97f1
SHA1 14c28d2bc4059818a26c1cae106183462f86be96
SHA256 56017543db961fbdbe1e527b1f8a7843fd9785c068092062709622f44baf57e3
SHA512 770bdc11418f1c892ad2fdd79031f1ee2e6b03c31a5bfe69053cdb6cc4290ed10155008fb9a93b84105db4620cd018b62d87c30eab3dda689f201a1b8cc61ac0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/3880-305-0x00000000076C0000-0x00000000076D0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/3880-313-0x00000000076A0000-0x00000000076AA000-memory.dmp

memory/6960-320-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6960-323-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6960-324-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6960-326-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3880-327-0x00000000087D0000-0x0000000008DE8000-memory.dmp

memory/3880-332-0x00000000079F0000-0x0000000007AFA000-memory.dmp

memory/3880-339-0x0000000007920000-0x0000000007932000-memory.dmp

memory/3880-343-0x0000000007980000-0x00000000079BC000-memory.dmp

memory/3880-350-0x0000000007B00000-0x0000000007B4C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589333.TMP

MD5 ce790661634743b78b96e401043ebf9a
SHA1 294a7fa01cf4d8c3f3bb9961d4c0ca19ddae7ad8
SHA256 c8db9e8cbb992bb1f2ca6a198e2777a69a036485e1bb60f5ce316b1481762d61
SHA512 ed4efccb3701e6e23693c38e7348aa194e77cdd427febb71a39de70a458b5180d156186e83d5635bf5af4e8b57107c73849ed985a0cb656f881125fd285aabd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7367f0ef0dda3ef9b22c4e88161c30e9
SHA1 0e2a03fe7420e51175cb07bc888baf309af9ddc3
SHA256 c536c771e868ab8c2059575414504f82f2103a4e6dece26e89c2b375bedfef46
SHA512 03367be102f8d275899b8a3c24d922e90568da5074db57753e0e07bc6591eed327367fd9a89c98f88cb5f57ff52bcfa0a322efa042b3d1be265eae3340673284

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7b6d920af3ae9d1b68a303afab3567b8
SHA1 c88a111268b6c4752e472dbc69e12b7541ca8b80
SHA256 5fb7eff8762e7b40ebb916d8ee07cc7a5d2ee56154ab984eb88315bb0c5fc16b
SHA512 88dc2e7325bd9d69c105fb0cb1f074ce9176bf6fe09a75d7cf9d241968bfb00c6a1a42a3d397d7b6097688d941abae56492a50aae75a88e475d13998254abbc4

memory/8120-474-0x0000000000400000-0x000000000046F000-memory.dmp

memory/8120-473-0x00000000005A0000-0x00000000005FA000-memory.dmp

memory/8120-478-0x00000000742F0000-0x0000000074AA0000-memory.dmp

memory/3880-479-0x00000000742F0000-0x0000000074AA0000-memory.dmp

memory/8120-480-0x00000000076A0000-0x00000000076B0000-memory.dmp

memory/8120-481-0x0000000008100000-0x0000000008166000-memory.dmp

memory/8120-482-0x00000000089D0000-0x0000000008A46000-memory.dmp

memory/8120-485-0x0000000008AA0000-0x0000000008ABE000-memory.dmp

memory/3880-486-0x00000000076C0000-0x00000000076D0000-memory.dmp

memory/8120-510-0x00000000044A0000-0x00000000044F0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1a631fdfac91ee583fc3975b139a02d0
SHA1 8dc85d3753d870a6be992a125c069a934ffecbc9
SHA256 959aa7520c51fa95e0157a3c6adfc5636fadecc553e755c8e741527c66653b0e
SHA512 1ffb7f6f2cb678600f8e400de738ac5189d9afe0c279dc66896138f0f9734147acee247b6c96e4c77f77aca43cb545d3c334ee9a8f2d260492c92168f2d55c09

memory/8120-520-0x0000000006A90000-0x0000000006C52000-memory.dmp

memory/8120-521-0x0000000008B90000-0x00000000090BC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 25189300c19c8d07d07f0ec5b9ac8df0
SHA1 8c38360db6ac069df9f203b225348ac699f020b7
SHA256 80664f48abed2305dc6c625d5faabd9c6cfb91a495b3978799e29f6c686a85f6
SHA512 8ba104d264ba9f10b6c60a2a51e0fb6ded1555acca091d16899f49da1635d4372ff5c8813dc02abb0732dce6c0d529708938abd54e2fcf24cd04fb9f7301f862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 cd57206d74e68e1f70796d0fda0bf24a
SHA1 dbdcb840eae95928031d3e99994d2cdf651ec85b
SHA256 8af9526122c3e5f3d3840c5442672e5c2240c09ed4b01d7252e931c770fbe196
SHA512 1d2b643233f4ec20715020c18fb795eb2648125462e0bfe557c991a0e0048d71c85570e37f45a20c38bc88f1f4141c6e24b1da904af08eb3ec8d21305ad5583c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c4ff23eda5bd3c409ece8474872e6eeb
SHA1 2b06da0b8ddf156efe044f60339b02cd29a2ad15
SHA256 c60aa20112961d1090631b40a28ec80ecac4279bcd1969d0d13f32019344a568
SHA512 9a99a0bd452c0b4356582c7d55042a0a43fb7a6a62460fa3e6cd60d3757af1cb63a6ae2085318ce871df89c35197bf4cf03a8d1b97d2ed837e3af447a9021824

memory/8120-550-0x00000000742F0000-0x0000000074AA0000-memory.dmp

memory/7696-556-0x00000000742F0000-0x0000000074AA0000-memory.dmp

memory/7696-557-0x0000000000700000-0x000000000139A000-memory.dmp

memory/7792-565-0x0000026890390000-0x000002689047E000-memory.dmp

memory/7792-569-0x00007FFE19E00000-0x00007FFE1A8C1000-memory.dmp

memory/7792-570-0x0000026890820000-0x0000026890830000-memory.dmp

memory/7792-573-0x00000268AA8E0000-0x00000268AA9C0000-memory.dmp

memory/7792-574-0x00000268AAA30000-0x00000268AAB10000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

memory/7792-584-0x00000268AAB10000-0x00000268AABD8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

memory/7792-585-0x00000268AACE0000-0x00000268AADA8000-memory.dmp

memory/7792-590-0x00000268AADB0000-0x00000268AADFC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 c067b4583e122ce237ff22e9c2462f87
SHA1 8a4545391b205291f0c0ee90c504dc458732f4ed
SHA256 a16dbcd03a7549fbaf7cad1bedd01dcb961a5d43c873f1d1a50892618a06662e
SHA512 0767cba9f10154b4e28cf6a55b6fc827a96c4fbc88e2d67acd645a0a7a604a3beb63ea58d7febcf8b17de1ea3d2097e76ceac1b36b9fecf9a0945a31a9e211c3

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

memory/7696-611-0x00000000742F0000-0x0000000074AA0000-memory.dmp

memory/5744-612-0x0000000000B40000-0x0000000000B41000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8e7c0daa78dcd7b64e59e2f69cd09610
SHA1 55cdab5aac1f262584c388bdb2b3937183759885
SHA256 6f455ac5a89f7b0134670df01ebb7a2b94e73272802577b73b2319449b34e9ab
SHA512 4fa7c6f8718d1fad5bc18e0b34a8fa3ce38355ec133da3944c07243e34a48fe471779d5e2f86fa74a2a9c1f71a3ad51c4992e4a43e02a45f25f8777ec52c96ab

memory/6224-622-0x0000000000400000-0x00000000004AA000-memory.dmp

memory/6224-624-0x000002BE45E30000-0x000002BE45F14000-memory.dmp

memory/7792-626-0x00007FFE19E00000-0x00007FFE1A8C1000-memory.dmp

memory/6224-625-0x00007FFE19E00000-0x00007FFE1A8C1000-memory.dmp

memory/6224-627-0x000002BE44660000-0x000002BE44670000-memory.dmp

memory/6224-628-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-629-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-631-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-633-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-635-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-637-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-639-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-641-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-643-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-645-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-647-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-649-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-652-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-654-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-656-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-658-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-661-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-663-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-665-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-667-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-671-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-673-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

memory/6224-675-0x000002BE45E30000-0x000002BE45F11000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 da6854d6d44ebc74ff90b9e95a43a8bb
SHA1 c1581e997d228cfd1d54f12e98de6dec3074f04d
SHA256 bf0586dbbfe271fba96cbede185c694ecfd59508d66c7c911e45eb140f266f88
SHA512 9e9c7a8aab5cb34f1b1c7610701a3853ba6a0853a91b85c7652c097068c3df23cb17a44e9373e4c4030a19699f351620a32e361d68336eb8998f206cebee0e2e

memory/8140-712-0x0000000000901000-0x0000000000914000-memory.dmp

memory/8140-713-0x00000000022D0000-0x00000000022D9000-memory.dmp

memory/5164-715-0x0000000000400000-0x0000000000409000-memory.dmp

memory/2420-733-0x0000000002B30000-0x0000000002F2C000-memory.dmp

memory/2420-736-0x0000000002F30000-0x000000000381B000-memory.dmp

memory/2420-741-0x0000000000400000-0x0000000000D1C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

memory/5164-892-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5968-1307-0x0000000002C50000-0x0000000002C86000-memory.dmp

memory/5968-1306-0x00000000742F0000-0x0000000074AA0000-memory.dmp

memory/5744-1309-0x0000000000B40000-0x0000000000B41000-memory.dmp

memory/5968-1308-0x0000000002D10000-0x0000000002D20000-memory.dmp

memory/5968-1311-0x0000000002D10000-0x0000000002D20000-memory.dmp

memory/6224-1315-0x00007FFE19E00000-0x00007FFE1A8C1000-memory.dmp

memory/6224-1318-0x000002BE44660000-0x000002BE44670000-memory.dmp

memory/5968-1317-0x0000000005460000-0x0000000005A88000-memory.dmp

memory/5968-1330-0x0000000005250000-0x0000000005272000-memory.dmp

memory/5968-1341-0x00000000053F0000-0x0000000005456000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rasmx5j0.bqg.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5968-1356-0x0000000005C70000-0x0000000005FC4000-memory.dmp

memory/2120-1396-0x00007FFE19E00000-0x00007FFE1A8C1000-memory.dmp

memory/2120-1398-0x0000028737CA0000-0x0000028737CB0000-memory.dmp

memory/2120-1400-0x0000028737CA0000-0x0000028737CB0000-memory.dmp

memory/2120-1407-0x0000028737CB0000-0x0000028737CD2000-memory.dmp

memory/5968-1418-0x0000000006260000-0x000000000627E000-memory.dmp

memory/2420-1443-0x0000000002B30000-0x0000000002F2C000-memory.dmp