Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-z9tweacd35
Target 73e66b42e44dc48abc9af6dfef222863d746a7efa7d55a64384ad91650326809
SHA256 73e66b42e44dc48abc9af6dfef222863d746a7efa7d55a64384ad91650326809
Tags
glupteba mystic redline smokeloader stealc zgrat taiga up3 backdoor dropper evasion infostealer loader persistence rat stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

73e66b42e44dc48abc9af6dfef222863d746a7efa7d55a64384ad91650326809

Threat Level: Known bad

The file 73e66b42e44dc48abc9af6dfef222863d746a7efa7d55a64384ad91650326809 was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline smokeloader stealc zgrat taiga up3 backdoor dropper evasion infostealer loader persistence rat stealer trojan

RedLine

RedLine payload

Glupteba payload

SmokeLoader

Mystic

ZGRat

Stealc

Detect ZGRat V1

Glupteba

Detect Mystic stealer payload

Downloads MZ/PE file

Stops running service(s)

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Launches sc.exe

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 21:25

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 21:25

Reported

2023-11-11 21:28

Platform

win10v2004-20231023-en

Max time kernel

14s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\73e66b42e44dc48abc9af6dfef222863d746a7efa7d55a64384ad91650326809.exe"

Signatures

Detect Mystic stealer payload


Detect ZGRat V1


Glupteba

loader dropper glupteba

Glupteba payload


Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload


SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

ZGRat

rat zgrat

Downloads MZ/PE file

Stops running service(s)

evasion

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\73e66b42e44dc48abc9af6dfef222863d746a7efa7d55a64384ad91650326809.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ks6Ya48.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rq6xW62.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Kv0wK82.exe N/A

AutoIT Executable


Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1504 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\73e66b42e44dc48abc9af6dfef222863d746a7efa7d55a64384ad91650326809.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ks6Ya48.exe
PID 3556 wrote to memory of 336 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ks6Ya48.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rq6xW62.exe
PID 336 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rq6xW62.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Kv0wK82.exe
PID 2200 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Kv0wK82.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe
PID 396 wrote to memory of 4340 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 396 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 396 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2012 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 4376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 396 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 396 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 396 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3500 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 396 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2748 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 396 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 3900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 396 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 1188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 396 wrote to memory of 5236 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5236 wrote to memory of 5256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2200 wrote to memory of 5588 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Kv0wK82.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2aX3135.exe
PID 5236 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\73e66b42e44dc48abc9af6dfef222863d746a7efa7d55a64384ad91650326809.exe

"C:\Users\Admin\AppData\Local\Temp\73e66b42e44dc48abc9af6dfef222863d746a7efa7d55a64384ad91650326809.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ks6Ya48.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ks6Ya48.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rq6xW62.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rq6xW62.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Kv0wK82.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Kv0wK82.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pK90pi4.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffecc0f46f8,0x7ffecc0f4708,0x7ffecc0f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x40,0x170,0x7ffecc0f46f8,0x7ffecc0f4708,0x7ffecc0f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc0f46f8,0x7ffecc0f4708,0x7ffecc0f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc0f46f8,0x7ffecc0f4708,0x7ffecc0f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc0f46f8,0x7ffecc0f4708,0x7ffecc0f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc0f46f8,0x7ffecc0f4708,0x7ffecc0f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x170,0x7ffecc0f46f8,0x7ffecc0f4708,0x7ffecc0f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc0f46f8,0x7ffecc0f4708,0x7ffecc0f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc0f46f8,0x7ffecc0f4708,0x7ffecc0f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc0f46f8,0x7ffecc0f4708,0x7ffecc0f4718

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2aX3135.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2aX3135.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1792,5286267728781630084,955738192814931729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,12555492270556190228,11035756988314508204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11389585510206056437,15853198559916558733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11389585510206056437,15853198559916558733,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12555492270556190228,11035756988314508204,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,3528069788847170278,17401013209748061650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,3528069788847170278,17401013209748061650,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,5286267728781630084,955738192814931729,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10930884107994632886,769217595877565314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10930884107994632886,769217595877565314,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,18043647644959832014,1766314884769976592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,18043647644959832014,1766314884769976592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17330343266971922005,16087655644418651604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17330343266971922005,16087655644418651604,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6141514618808659542,17126453680022454140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6141514618808659542,17126453680022454140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9967026127131323520,1461658691604513632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9967026127131323520,1461658691604513632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ky62mv.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ky62mv.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7896 -ip 7896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8kl309yq.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8kl309yq.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Oa1iG1.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Oa1iG1.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\DFEB.exe

C:\Users\Admin\AppData\Local\Temp\DFEB.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 9528 -ip 9528

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1A94.exe

C:\Users\Admin\AppData\Local\Temp\1A94.exe

C:\Users\Admin\AppData\Local\Temp\1F29.exe

C:\Users\Admin\AppData\Local\Temp\1F29.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\forc.exe

"C:\Users\Admin\AppData\Local\Temp\forc.exe"

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\1F29.exe

C:\Users\Admin\AppData\Local\Temp\1F29.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\D72F.exe

C:\Users\Admin\AppData\Local\Temp\D72F.exe

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,16092962885299915837,12930850860636239047,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9144 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

Network

Country Destination Domain Proto
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp

Files

SHA1 80a948e8b3847d69c5a2db958b0bbed6a5d12298
SHA256 b11d8872746963dccb0bdffe60a3003bae61c2323973d3e51c5328052e7d3f1c
SHA512 0a5211c310904d23f57a0366095c11807dc75ebaa4908797660f18013073a489175cf09f092cb8f468d77b6d13184297e945c04d1d2a821333a991148deb01fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\fbc96290-b389-466c-a002-495e68071891\index-dir\the-real-index

MD5 dd63e3743216ccb5957df9e88f207c4c
SHA1 14cc34505ae5030d4a7d8e4f26dcc2e2dd4fa6f9
SHA256 8d14ef447d323ab92d17bb6ef41dca8c96a92cbcca1ca6987316a8f40916acf2
SHA512 4b11c2eeb841ad77bf8db47fa177899142b1cb641d945a134808ab27a5618b79e9800a39e70307bec1b6464ee13081f94649aac4290f82a92e495947e3946659

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\fbc96290-b389-466c-a002-495e68071891\index-dir\the-real-index

MD5 19edcf97b9e77c9d3910343e8e4d1d3f
SHA1 fa30d9ea7ce18a7192ca312923901e4868c3b6d0
SHA256 ddf280e6721b8204e56d863160ae749571948a09873ffb5f116f44a31249cee9
SHA512 59785321b47fe820c3f52ef40f0e10f21ae02bcb584523703e5a0cb0c8543cc814f7ae5841ba0ffaaf5adb5daaf2f6abc925f23a8813224919b0d43bc310f7e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bb94bb0e4c9d04b13ca212509e820843
SHA1 e5204867528711d766ed5ec0b8ba8626694cf4e1
SHA256 86b8860d5f6d62e2f11cc3e479d34945ea69647e8ae02bb910eca639045d81ff
SHA512 cef8ed103d3302c25e08c938eb9038d5e5a20b591cedd6968f5dd2ce221eac5af116d72191a527f37da4fe98ae997a3347c6c0f0b8157752beea10329907f3e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dd35cd8033c4bcdeaafdf36565799750
SHA1 27c9ddf0b60d989d62deaa99e92b0c7c9ab9ade6
SHA256 d0d44f18c863175e8464b50f4672fcfed0636e0cb7cb7715ae941c8d7218f548
SHA512 31ccdb817a67ef5e6fe3a7e87758161a5849c781937352f03d3ee1b9116bcb85500299f7266f7e0cf430f9a18b17111dfe9db9c077707253e26ac112a613e7a6

memory/9528-2516-0x0000000000540000-0x000000000059A000-memory.dmp

memory/9528-2517-0x0000000000400000-0x000000000046F000-memory.dmp

memory/8692-2521-0x0000000074190000-0x0000000074940000-memory.dmp

memory/9528-2522-0x0000000074190000-0x0000000074940000-memory.dmp

memory/9528-2535-0x0000000074190000-0x0000000074940000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ee13fadf4721e377046e02bfb34d734
SHA1 38df41b4e19dbd48d98a7795793db09aa5ae1c6c
SHA256 f154289f020ddc064a5c1b5555a9bc70f9a87cf92a9ba47f2a4fce81d3e0f391
SHA512 468bfc57fdfc908a5bdcf6bf40568fbc92196c46cdb923839e1bbbc742bf64e37abe93b56c7c18152a1770b47bcc1cf059e71343759dd31bd5d50fa12d275b8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6d1a374792d71cb9dd26ac79546722ba
SHA1 dd13ea797f7c5f1d23f691045e3fa49e78601bb8
SHA256 de18cde4c1561e9514b960ea93a7a84a3554f41f9f5a31137f66a4932076e4dd
SHA512 0b9d170c78e9a89822f80725a23dade4b8d8ce118247f14c83a5f552b71e27f007ed6b37a3c0d91e0bc6dad52c4f05edbfafcadf33a260acf007c6f934ac984e

memory/7224-2625-0x0000000074190000-0x0000000074940000-memory.dmp

memory/7224-2626-0x0000000000F80000-0x0000000001C1C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

memory/2184-2639-0x0000021376730000-0x000002137681E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 f13cf6c130d41595bc96be10a737cb18
SHA1 6b14ea97930141aa5caaeeeb13dd4c6dad55d102
SHA256 dd7aaf7ef0e5b3797eaf5182e7b192fa014b735e129e00e0c662829ce0c2515f
SHA512 ccd4f57b1af1f348fcf9f519a4789c04b499ac5e02ccb7333d0a42fa1cb1fdf9f969103b3a5467e278cd5c6cbbbbebaac4577d0c220e13335575a13408c79b48

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 6f38e2c344007fa6c5a609f3baa82894
SHA1 9296d861ae076ebddac76b490c2e56fcd0d63c6d
SHA256 fb1b0639a3bdd51f914bf71948d88555e1bbb9de0937f8fa94e7aa38a8d6ab9f
SHA512 5432ab0139ee88a7b509d60ed39d3b69f7c38fe94613b3d72cc4480112d95b2cbf7652438801e7e7956aca73d6ebc870851814bec0082f4d77737a024990e059

memory/2184-2650-0x00007FFEC8330000-0x00007FFEC8DF1000-memory.dmp

memory/2184-2651-0x0000021378D00000-0x0000021378DE0000-memory.dmp

memory/2184-2652-0x00000213784E0000-0x00000213784F0000-memory.dmp

memory/2184-2661-0x0000021378DE0000-0x0000021378EC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 a98f00f0876312e7f85646d2e4fe9ded
SHA1 5d6650725d89fea37c88a0e41b2486834a8b7546
SHA256 787892fff0e39d65ccf86bb7f945be728287aaf80064b7acc84b9122e49d54e6
SHA512 f5ca9ec79d5639c06727dd106e494a39f12de150fbfbb0461d5679aed6a137b3781eedf51beaf02b61d183991d8bca4c08a045a83412525d1e28283856fa3802

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 ec0281f1fce4da6bee1bf2a234878f2d
SHA1 b663d65cbad9add324dba5f19c66ea8d6f56adc7
SHA256 4edd5bfaadec2b5d8da02cd27c78cf3423ea7932318a529346de72a3da66856f
SHA512 93691c748ce94dbfda56563f971362c928473c542a7cc47fc3685c0755ae14af7a265bfed58fa469e4ea0ad320f3c5084ca932b06207c2550c944ce0b0ebb0b6

memory/2184-2682-0x0000021378EC0000-0x0000021378F88000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\f8b63186-0329-4358-9461-a89aa1eb6a56\index-dir\the-real-index

MD5 bc203776f76ade0ef3b1f7f9d7777328
SHA1 fb076d2e4f199da3c063cc214b381ad7168faba0
SHA256 0e7da3c17f435dc41296fe1b293573fa138c09487d806eaefa86280c2e631d65
SHA512 e16f28b6c1b4a99806173c6302508e7149d7809a56e11afe4d1d506d33c1722c636c83816a47eef36bbb2501d6937075d1b2406938c6513cd1621c7019a254ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\f8b63186-0329-4358-9461-a89aa1eb6a56\index-dir\the-real-index~RFe592418.TMP

MD5 dff73ab8b01c999bff1cba237c24f011
SHA1 4737f8150fe7a4891d12bb149b2b0f668d0f28b5
SHA256 9e53b710f0ac531896a55a73ea3a25d4091a3fe940186fd7c2dfe14e1af7484e
SHA512 ce0cb5a65d877cc200dd4682e04713a6e90c64ab126996fc538e3e8e492ed75ce0fc0fb067cab60837b6a6ff3660b339b9a39c6d7e41cca7203e0c4cb5adc145

C:\Users\Admin\AppData\Local\Temp\forc.exe

MD5 02d1af12b47621a72f44d2ae6bb70e37
SHA1 4e0cc70c068e55cd502d71851decb96080861101
SHA256 8d2a83ac263e56c2c058d84f67e23db8fe651b556423318f17389c2780351318
SHA512 ecf9114bbac62c81457f90a6d1c845901ece21e36ca602a79ba6c33f76a1117162175f0ace8ae6c2bdc9f962bd797ab9393316238adbc3b40a9b948d3c98582c

memory/2184-2690-0x0000021379090000-0x0000021379158000-memory.dmp

memory/7464-2691-0x0000000000B20000-0x0000000000D4D000-memory.dmp

memory/2184-2698-0x0000021379160000-0x00000213791AC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

memory/5956-2697-0x0000000000E40000-0x0000000000E41000-memory.dmp

memory/7224-2701-0x0000000074190000-0x0000000074940000-memory.dmp

memory/7188-2702-0x0000000000400000-0x00000000004AA000-memory.dmp

memory/7188-2704-0x0000024567750000-0x0000024567834000-memory.dmp

memory/2184-2705-0x00007FFEC8330000-0x00007FFEC8DF1000-memory.dmp

memory/7188-2706-0x00007FFEC8330000-0x00007FFEC8DF1000-memory.dmp

memory/7188-2716-0x000002454D680000-0x000002454D690000-memory.dmp

memory/7188-2717-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7188-2718-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7188-2720-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7188-2722-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7188-2724-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7188-2727-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7464-2726-0x0000000061E00000-0x0000000061EF3000-memory.dmp

memory/7188-2731-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7188-2735-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7188-2739-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7188-2742-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7188-2746-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7188-2750-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7188-2754-0x0000024567750000-0x0000024567831000-memory.dmp

memory/7188-2759-0x0000024567750000-0x0000024567831000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bfdb309b7ec59ae07fc8cb39c5d88d38
SHA1 7574d2da72d40ba8a4118815db9057bc30ceb485
SHA256 903e46bc7cc7c481028242148dab8b0f680942c34d3a0df9062398150d0e38a6
SHA512 e778471d3b2e98422e1e277e3e2617a10de05cf84652c05c8785d3ba7ce9cce77b7f5c7ae8f3434237efa469082b5249174c3972294967470ddb13cbd7749816

memory/6828-2861-0x0000000000A90000-0x0000000000B90000-memory.dmp

memory/6828-2864-0x00000000008D0000-0x00000000008D9000-memory.dmp

memory/4204-2866-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5280-2900-0x0000000002AC0000-0x0000000002EBC000-memory.dmp

memory/5280-2908-0x0000000002EC0000-0x00000000037AB000-memory.dmp

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/5280-2920-0x0000000000400000-0x0000000000D1C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b761533d12fef9dfdd5b3934293c7130
SHA1 fd48a302919ee7849637f72f5dffd61f82eec92c
SHA256 e3a05288b4edf469b70871e48e714706765ff2291d95d1abb39e80fe52c3a46d
SHA512 cd76acbe29430f68f147dbaf3154276b1a49e955f6c630a1830f30ae2d1f3a8f48913a134c5abd5550cfe606af12b12bd5fcbcaa647181e35576a02200f9ff1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

memory/4204-3023-0x0000000000400000-0x0000000000409000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0be6f4f8e4513130bba9ea870104ad97
SHA1 9a8ce0df39ea635355d1812000af41c4b1186b86
SHA256 b2865259748c32bc2d9c013fa3f95d0cdafec8c4a91d036e2b37eaae332b90a1
SHA512 7eef1e7bace39bfbe3211c29492fc5e64201b8c0ff7b75c887ea942526bb42a31c869f7f694501d08035ccde7a580dc3a123962b8d41ef3f550fc9ee34e3bbf9

memory/7464-3069-0x0000000000B20000-0x0000000000D4D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 43a5a67765a9298697a5989f18fe4d0a
SHA1 1f2b0bac79b6fec17d8b91b537ea9a579a9ad6c2
SHA256 a59c75f2d23b4aaa85af78c7f5c718dd97ad9d1b4b12c35cf39fe6412b2c9881
SHA512 c25a5105948488a4132e63980c267fd3e417c2dded21921ac412a477f705499dbb9b17b2b8054f61a29001951123a2765db9459850919729394b4c14707f1cb2

memory/5224-3524-0x0000000002230000-0x0000000002266000-memory.dmp

memory/5224-3530-0x0000000074190000-0x0000000074940000-memory.dmp

memory/5224-3533-0x0000000004E30000-0x0000000005458000-memory.dmp

memory/5224-3532-0x00000000047F0000-0x0000000004800000-memory.dmp

memory/4612-3538-0x00007FFEC8330000-0x00007FFEC8DF1000-memory.dmp

memory/4612-3540-0x00000227AEC10000-0x00000227AEC20000-memory.dmp

memory/5956-3543-0x0000000000E40000-0x0000000000E41000-memory.dmp

memory/5224-3545-0x00000000047F0000-0x0000000004800000-memory.dmp

memory/5224-3556-0x0000000004D80000-0x0000000004DA2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_opvqkyfy.fqr.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4612-3566-0x00000227AEC20000-0x00000227AEC42000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d85cbf9dd9ede022bda4c45c1a673adb
SHA1 abd1457c3af2f7f0b48d3e971bf8073828271b62
SHA256 bc0b5dd4f6f6c0a49af8d7ab5414606a51e264892b059e7638929c3854b7ebe4
SHA512 b6b1d518a9dfdae74448e535a52f61a141066ceeae1a332235c029f6779b88aaf6097882176b5389a48ec4f68437cd2a8dccfc487302e16046eea7ee5b437c2f

memory/5224-3590-0x0000000005540000-0x00000000055A6000-memory.dmp

memory/5224-3574-0x0000000005460000-0x00000000054C6000-memory.dmp

memory/5224-3600-0x00000000056B0000-0x0000000005A04000-memory.dmp

memory/7188-3623-0x00007FFEC8330000-0x00007FFEC8DF1000-memory.dmp

memory/7188-3625-0x000002454D680000-0x000002454D690000-memory.dmp

memory/5224-3627-0x0000000004910000-0x000000000492E000-memory.dmp

memory/4612-3653-0x00000227AEC10000-0x00000227AEC20000-memory.dmp

memory/5224-3668-0x00000000060E0000-0x0000000006124000-memory.dmp

memory/5280-3694-0x0000000002AC0000-0x0000000002EBC000-memory.dmp

memory/5224-3696-0x00000000047F0000-0x0000000004800000-memory.dmp

memory/5224-3706-0x0000000006EA0000-0x0000000006F16000-memory.dmp

memory/5224-3734-0x00000000075A0000-0x0000000007C1A000-memory.dmp

memory/5224-3737-0x0000000006F20000-0x0000000006F3A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 68782bcf3bd9fa890b6689ce4f9e2042
SHA1 1f936cdcd82f83332899f916cb03cef98a580c5f
SHA256 275381c1c62e9a1fd94d1cf7ac61f7d480293292138563d943ceff253a40a21b
SHA512 ffde5484ae80621d75228875b23e739597bc7c2762e37b48edacc31fa03e6c203611e3d361bd648c2d74349236df53cf302ba42bb3a154df4cf940ff282b2686

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d7f5dddd3220c059f2c6524b75041d99
SHA1 6c0bfd5a3cae158c171e065c095d64abb89e5324
SHA256 63b86b6598e088f1bab0a0cc6dc552118f6c553d0f94991b2b03aaa8e21d3bf2
SHA512 406f11671e86d2f91c3376542e153f3023c2804e9c25244ca20cd2d79044fc0a9bd4de5dc1b225cf4b282b61389f161044d9e4de882ae39a63da2566e7bcd647