Malware Analysis Report

2024-10-18 23:12

Sample ID 231211-a7zlfaaaa6
Target 3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf
SHA256 3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf
Tags
eternity privateloader redline risepro smokeloader @oleh_ps backdoor paypal infostealer loader persistence phishing stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf

Threat Level: Known bad

The file 3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf was found to be: Known bad.

Malicious Activity Summary

eternity privateloader redline risepro smokeloader @oleh_ps backdoor paypal infostealer loader persistence phishing stealer trojan

RedLine

RisePro

SmokeLoader

PrivateLoader

RedLine payload

Eternity

Downloads MZ/PE file

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Detected potential entity reuse from brand paypal.

Unsigned PE

Enumerates physical storage devices

Program crash

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Runs net.exe

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious use of UnmapMainImage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Runs ping.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-11 00:51

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-11 00:51

Reported

2023-12-11 00:54

Platform

win10v2004-20231127-en

Max time kernel

127s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf.exe"

Signatures

Eternity

eternity

PrivateLoader

loader privateloader

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

RisePro

stealer risepro

SmokeLoader

trojan backdoor smokeloader

Downloads MZ/PE file

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 7348 set thread context of 7456 N/A C:\Users\Admin\AppData\Local\Temp\30B8.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Qu857Gb.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Qu857Gb.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Qu857Gb.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs net.exe

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Qu857Gb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Qu857Gb.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Qu857Gb.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3996 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe
PID 3996 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe
PID 3996 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe
PID 972 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xs38jJ2.exe
PID 972 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xs38jJ2.exe
PID 972 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xs38jJ2.exe
PID 972 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Qu857Gb.exe
PID 972 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Qu857Gb.exe
PID 972 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Qu857Gb.exe
PID 3996 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe
PID 3996 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe
PID 3996 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe
PID 3408 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2276 wrote to memory of 960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2276 wrote to memory of 960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 820 wrote to memory of 3884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 820 wrote to memory of 3884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2616 wrote to memory of 3156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2616 wrote to memory of 3156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 1652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 1652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 852 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 852 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 5268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 5268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 5268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 5268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 5268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 5268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 5268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 5268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 5268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 5268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 5268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 5268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf.exe

"C:\Users\Admin\AppData\Local\Temp\3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xs38jJ2.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xs38jJ2.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 768 -ip 768

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 608

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Qu857Gb.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Qu857Gb.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa0c8f46f8,0x7ffa0c8f4708,0x7ffa0c8f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa0c8f46f8,0x7ffa0c8f4708,0x7ffa0c8f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa0c8f46f8,0x7ffa0c8f4708,0x7ffa0c8f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa0c8f46f8,0x7ffa0c8f4708,0x7ffa0c8f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa0c8f46f8,0x7ffa0c8f4708,0x7ffa0c8f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffa0c8f46f8,0x7ffa0c8f4708,0x7ffa0c8f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa0c8f46f8,0x7ffa0c8f4708,0x7ffa0c8f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffa0c8f46f8,0x7ffa0c8f4708,0x7ffa0c8f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa0c8f46f8,0x7ffa0c8f4708,0x7ffa0c8f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa0c8f46f8,0x7ffa0c8f4708,0x7ffa0c8f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15562341293989294166,5858062921507178311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15562341293989294166,5858062921507178311,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,15448278488668998044,3806932746888306335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,6412581049182219465,9300546916813667040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,2957695174128125420,12829569102177755839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6412581049182219465,9300546916813667040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,15448278488668998044,3806932746888306335,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,12737373302691710794,3616274871857986843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,2957695174128125420,12829569102177755839,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,12737373302691710794,3616274871857986843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,16922338434806959776,14608003730678609896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,6632886439220888459,8684403511904933309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16922338434806959776,14608003730678609896,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6632886439220888459,8684403511904933309,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12338148969201732044,13528870735813804603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12338148969201732044,13528870735813804603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,17795719792762219822,13832453288313895808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8012 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\E9DE.exe

C:\Users\Admin\AppData\Local\Temp\E9DE.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\2780.exe

C:\Users\Admin\AppData\Local\Temp\2780.exe

C:\Users\Admin\AppData\Local\Temp\30B8.exe

C:\Users\Admin\AppData\Local\Temp\30B8.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\3349.exe

C:\Users\Admin\AppData\Local\Temp\3349.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "AppLaunch" /sc MINUTE /tr "C:\Users\Admin\AppData\Local\ServiceHub\AppLaunch.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" &&START "" "C:\Users\Admin\AppData\Local\ServiceHub\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\tuc3.exe

"C:\Users\Admin\AppData\Local\Temp\tuc3.exe"

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\is-OJ13K.tmp\tuc3.tmp

"C:\Users\Admin\AppData\Local\Temp\is-OJ13K.tmp\tuc3.tmp" /SL5="$80226,8423542,54272,C:\Users\Admin\AppData\Local\Temp\tuc3.exe"

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Query

C:\Program Files (x86)\xrecode3\xrecode3.exe

"C:\Program Files (x86)\xrecode3\xrecode3.exe" -i

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2972207793215721164,12777337261412672082,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2

C:\Program Files (x86)\xrecode3\xrecode3.exe

"C:\Program Files (x86)\xrecode3\xrecode3.exe" -s

C:\Windows\SysWOW64\net.exe

"C:\Windows\system32\net.exe" helpmsg 1

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 helpmsg 1

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1

C:\Users\Admin\AppData\Local\Temp\8CE4.exe

C:\Users\Admin\AppData\Local\Temp\8CE4.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 accounts.google.com udp
US 92.123.241.50:443 store.steampowered.com tcp
US 8.8.8.8:53 twitter.com udp
BE 74.125.71.84:443 accounts.google.com tcp
US 104.244.42.193:443 twitter.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.paypal.com udp
GB 104.103.202.103:443 steamcommunity.com tcp
US 8.8.8.8:53 50.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 84.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.facebook.com udp
US 34.196.45.42:443 www.epicgames.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 103.202.103.104.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
BE 74.125.71.84:443 accounts.google.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 42.45.196.34.in-addr.arpa udp
US 8.8.8.8:53 36.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 220.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
GB 172.217.16.238:443 www.youtube.com udp
US 54.87.226.161:443 tracking.epicgames.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
DE 52.85.92.12:443 static-assets-prod.unrealengine.com tcp
DE 52.85.92.12:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 161.226.87.54.in-addr.arpa udp
US 8.8.8.8:53 22.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 12.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 api.x.com udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 104.18.37.14:443 api.x.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.69:443 t.co tcp
GB 199.232.56.158:443 video.twimg.com tcp
US 192.229.233.50:443 pbs.twimg.com tcp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 14.37.18.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 221.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 158.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
RU 81.19.131.34:80 81.19.131.34 tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.131.19.81.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
GB 199.232.56.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.56.232.199.in-addr.arpa udp
RU 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 19.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
IE 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.147.35:443 fbcdn.net tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
GB 142.250.200.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
BE 74.125.71.84:443 accounts.google.com udp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
GB 142.250.200.3:443 www.recaptcha.net udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
FR 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.103.202.103:443 login.steampowered.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 sentry.io udp
US 52.203.174.160:443 www.epicgames.com tcp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 160.174.203.52.in-addr.arpa udp
GB 104.103.202.103:443 api.steampowered.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 c6.paypal.com udp
DE 52.85.92.73:443 static-assets-prod.unrealengine.com tcp
US 151.101.1.35:443 c6.paypal.com tcp
DE 52.85.92.73:443 static-assets-prod.unrealengine.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 73.92.85.52.in-addr.arpa udp
US 104.244.42.130:443 api.twitter.com tcp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 35.186.247.156:443 sentry.io udp
RU 81.19.131.34:80 81.19.131.34 tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
BE 74.125.71.84:443 accounts.google.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
MD 176.123.7.190:32927 tcp
US 8.8.8.8:53 190.7.123.176.in-addr.arpa udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dN9sn36.exe

MD5 85d0b40fbf9a007a21c2ff87eb9e0218
SHA1 0f5992641e9ecb98651f75d11c44963f177c8819
SHA256 53b2cd2abb25d52c7fa69765aa96342fb48486047d7ac8e0f968288ac04338a1
SHA512 9ed2a9099888299e00923acd7ab903c3d633e6c0b40334277b4ef0aae5b5f2fd4143ed4cd5819a89b8f08a9d5501b64bde249ff1a59faac3cf3261edc5b75917

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xs38jJ2.exe

MD5 caae21dd2be86cdda7c1ca14593e70a7
SHA1 6e517b18674423a3bd141d39faa826d47185d790
SHA256 b79d7f83c10a1900feda33d1c0cc885901e27397b2c1cafda0eac417da3e5e8b
SHA512 866d3643aa19753cdf6ea458cf6aa3a379efa7801e0f84ac92d31b54dab6d2f885d8f4d631a94e7de0ead92d79ae7e620ddd2631903fe09f27a525ab50393e5f

memory/4880-16-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Qu857Gb.exe

MD5 ee5ae57c76dbb7ddf7f4fbb01f011858
SHA1 ee54d294a2ce9cc1aeb60b2b8c07af8df99fc452
SHA256 5bb990df002a0072797b82cebb1dad644ddb88302fe711d8965c9b82ca230148
SHA512 da26a9c8f1189f314ac630b8e898b2531bfec0b85192cd62f02f6357b7b543b34c9066ac1c32a4808302809f0444f04977d7ed64fdcd1e9068a7a4d1b6ec74cd

memory/4880-20-0x0000000000400000-0x000000000040B000-memory.dmp

memory/3220-18-0x0000000002CC0000-0x0000000002CD6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6IR2rv7.exe

MD5 0cb4f76aa38157fa8564a91c7057af68
SHA1 05ca6c06c14d947c77beb73f296f4100299f1a6b
SHA256 6b58c06fd9bfe42519d89d649634554f25dbadd60eab35f9b7838a8b83296450
SHA512 044691d6913ce8324e905736bae2f315bc1acbaaacfd92235d82cfbbc8fb35bfdcacb865334436bababcbda37e3bc488574a7c40a7cdf52205ee72a57547116e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5990c020b2d5158c9e2f12f42d296465
SHA1 dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4
SHA256 2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643
SHA512 9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 208a234643c411e1b919e904ee20115e
SHA1 400b6e6860953f981bfe4716c345b797ed5b2b5b
SHA256 af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458
SHA512 2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

\??\pipe\LOCAL\crashpad_820_ROJKUGICFQEMBRAE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 114634b639fe4fac5bab6b79bf1c41b2
SHA1 165abc1b777979226d574d0983b40d67d296822a
SHA256 477bf73daf89d413a099ad45eb1d6314ee98bd8224514d4b134837d843e9ff65
SHA512 531b53772a6d431413723ea2ec646672b73bd3af2d69f9ed6d38d6687a57e84d0103b44d878feaa185d04bd0bcf639a14bd253f922529541bd355e6bbdac4621

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 000879c0b802ef870c8911ffe8156d37
SHA1 337cb5bb03f1f3031be9117f3493fa58650d9a59
SHA256 5ab0d213a26d04a5a3858a97580b903f47a9fab1f839a2a489ae30e23f7c6b9a
SHA512 a38ba821cc5b41c5745cfd394e87aeb88a4e060eab665923c719d3a1929143770f11d988e545bfbfb97dadd68170e667960d3804f05f04a4b44eab9b3b4d2a22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7f078015-a2b4-4967-944f-51df8902282e.tmp

MD5 72537f2779330f436fa5bd35a5e083c8
SHA1 42d39a595223e4af2a43fbb675c12acbafd67d14
SHA256 f99c7de3ab58b3ef8f3dd9a6ca9d58fe33549d62dca13dec23ecce7dfbabf87c
SHA512 45323b834493c78077055a7abfedef5741e1b163cb0f31f94ad863e6a830d8d10e685119a0c6f834a19a96cc3487ed0c543f16c35d47676752d743f5688c5370

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 99407653d178ea4a9c908aae588995d5
SHA1 94cecd23e75f3729bebe16415204e1403329b92c
SHA256 b847800b38e18ab77d84c37c0df4ed311684d67a60d0b5266e7b68890a0d14ac
SHA512 5ede1cea31b39a54323dd3c05bdef637af5e36850f80f959cbac264cf6232be7a6e386c54e0d801b0e171dce43c7fbc4c81b1ef70f0ddc56b89fa4a1403666e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e6d7ea4e4ff3a6aa59b2df7c266de19c
SHA1 4ba0d2c8c26c0dd0ddfdd271da130a0093490ed0
SHA256 6e6e01c9046341b776736291e431cf8df4261cac6b30fe2e85e182cae660d883
SHA512 9bdb673a72080b2e5bd9eb32cf03d0e4ee52c708bbdbd1394d26f85504b65a92fb9408ebb173685b46b671d3eebf8101ae76a9960695142bbd94f22b68e3672b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ace963c0737de0b34492772844f6f0a2
SHA1 f71bcb2281951cc8992be2f8e64e44d69a98f467
SHA256 0efc9037a205216f66c02c17f54fe16cd8ec8a25a091a49a73163e79b17cfb3a
SHA512 526be262526e322460c62a90447a9e5f3cfdcad8f2f7a17225defc1731e6af9488e15aeaf1b04c173aef1645325605b55070c541857ec2511ded15c89bdcfcb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3a02d702298f173715ea051df0d8fa4c
SHA1 b85e8251cf47a9a463d0003232ebe4999746cffc
SHA256 105da49f6a34bd2a8e1cdda60d47f9d232b624fb1c0a6b29ab31307cc5f0390d
SHA512 54d9ea403cccb230b951bc1903280901354d7bef2e35c22157c1c88af1d3fd209edae24ccd631f2bc5f0ffca2e18b92c1e34126cd0d32f1825ff12b34b0f0392

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 36743f2c6102db02dd788986d45adc14
SHA1 9de2035accc5b31142d119ad1243ba43ab4a870f
SHA256 f635005dc1d75168dc2848681d0b797865f69e4ec1dd8865620075abe31ae973
SHA512 0909502f38dcc0b5df146044861298ac7a21880c2e6b06216730f34bf6d7c773d1072d3fddad7dacf18ed36a60035ffd7e1b7e647d0daedb0af10d921e02aef3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e5c7f9f002e5b6c941193a7c8a80b298
SHA1 56b3a3ecb884b5909033e366ec555c74c723581f
SHA256 aaa31f0c4e15b2843a0a80b3f29d67b4c11dbc468d71742f5498a07e4052f92b
SHA512 48d1f7481c6376ce1922e05c3e7da13a31b6605dc5059f97ecef1f3935c7f9a29d07947bb92ed82f8c726d55f097082d0ebe9b835e85cb47c49b70d5d3ef4b41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 18eb5173bccbc3eb2b710f41ea729f5a
SHA1 f45d43fad98d502c98163ecb730ad57a4963e254
SHA256 bc4edede20172b06aca05f4cf6ef5922f96a63bfb2e2cc1a94771a712651804e
SHA512 dd74d33016bc229a36bc0f2afbf836ef2246523035a7b9bfc89344bb67222cc3d4c1c84205f79b7fd175d6c837bf5e91b779ea0db809debdb594342d5a2475cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0089e20fa3fccd46d8ad5bd0d39c4ee5
SHA1 3da4450caa90b67f406e68c89312e4d1605fcf28
SHA256 0585740b8bb4deb7c01e887cc44ed0a6f441916c7dc46338acd3212504d9e77c
SHA512 c5d90a6c142aff12b4c95662226d944dcb30de9fe2041844916fcbed6b021902ad7fd45982e33929a9d632022cdffc2b4cd0c577f3ddf5bb0a96be4ec333bf9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 388de723207d27390fd0c3ef676ce5e5
SHA1 da58cfdb155d45d42c1df0d136ecfe79f9f93f95
SHA256 686c52826632d0446cc47957180073f3da6568590455b92cc12860992e01ce27
SHA512 5eeded33af30c8599a4e805fe22003f2cbdb7a4a14ff7a77c161957237ca58fd67314748891fe3b84cb88efedbb6eaf1d15b5f0ce9c590a20b20999dabb46ca6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 5a6206a3489650bf4a9c3ce44a428126
SHA1 3137a909ef8b098687ec536c57caa1bacc77224b
SHA256 0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28
SHA512 980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 03faeabe7f847b578fef41ff0ed6108b
SHA1 12907fb738cc6b7dd770d079c25d4d9c9a2ecc4a
SHA256 817ff8bd93bc124c9fd35427f90c111970bba148d05bc9bbf419c39e690e9b79
SHA512 cd656a26b650d9d3e39f921ff19a704fd5bd91b7f9ec67f192b5ab546b6dd57a8b160367656948909c7a8731bb39ed0675364a20e914d608229078e00ede9fbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5903fe.TMP

MD5 af16ee4f169e39b10a3f95a427c89261
SHA1 156ca52bab8439e0660ddad2d885398abbffa9cb
SHA256 bc3a76e81e2900002f19d6ee454e434dd7bd651ee47156e5f20742510bd0d2bc
SHA512 58b84329c503bb421af31ed48ac9c233c15bec9bd49c1e5760d0f608f4f00bc8fd6c74b8bbb11796fec5f4c4d9222ef9b23e0c53841cddddc17b24263d3b34cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 516cc71a42a9a10f8cb9803ff7048945
SHA1 05ea475c095a29cc1eab34716e6c42347a99043b
SHA256 aec8699add84c8f6fa589ad02a5e6b611131a1900f9fdf861f785b3f38944ccd
SHA512 6d6ba4f7654afbe103b78a8787191db294ef0654a8d7b3db16f6ef3cdb41b507b0a7489699a485f7b70bc045c27100f8f7dae4831710331d39b2e86016570d5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 909324d9c20060e3e73a7b5ff1f19dd8
SHA1 feea7790740db1e87419c8f5920859ea0234b76b
SHA256 dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278
SHA512 b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 d55250dc737ef207ba326220fff903d1
SHA1 cbdc4af13a2ca8219d5c0b13d2c091a4234347c6
SHA256 d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd
SHA512 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 719bf5e16e3136db8f4414cba0d777d7
SHA1 863e1fa00923c0188e9b81c3be6cc1c2089eb449
SHA256 ae7f28f25b60c1be0d566ff53458a6ddf451c38568a8895e05d650ea5061a13e
SHA512 f6511906a23dc5145e14511d760795f0955a5677e9834d5deaa8c9df78dfc1c3d079f733c3473bcc0f93d28bfe163602ded44999e1e9c35f78930cf3d188bd9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 919097a45644f4da2d43512aba9c76b9
SHA1 23ffc5fb283af63edb78eab40a868093b54c79e4
SHA256 8277e8d3b647d3868610dc6d540caea93310b27400cf49b3c5020cc1eebe3a5b
SHA512 077ad2f6436f0a5d0c967ca36d54b2c29ad717c208696611d7e237760059e91fc77eb3741d0d5106f07f8bc671dea8e1d6ebf48359c305c5d25583413c747b84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 b3ba9decc3bb52ed5cca8158e05928a9
SHA1 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0
SHA256 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4
SHA512 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c4d5df56c8ae131e0c0b9e7a76228564
SHA1 cb0a6c3588d88611e7aa061550dff075ce6a6ac9
SHA256 2a7f4577443135b9503cd2063404f0d91aeb06f96d394829baba6eec1f9ee3c9
SHA512 3df47d4635544081ec1d6a7838892507ec46f9d21e016966cc928c724b37ea69d66a753d70c61531a5ae635e73f5667d3377d01b75419535205ee90b62e48f74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e0df9f5c79e7baac0b1a17ac274901cd
SHA1 775c850130c81dfbea2fc4f3479a9fbfda523f52
SHA256 70a53b90b694f7774b3185db21899b31f7e294018f689e2464874c06a53a1bb8
SHA512 b44b01e7f09f86e80d1615d3bd043af8a257d4a5509f222785314d556cafeeb836daac3f644f743abaa1c305c2efff738356fa49b85fbbbadc59c2fa6198c60c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5cb69d83fde19463e13fb17798d3332d
SHA1 bf999e68be4d2d0ebdcacfe489fad6723d3c39b9
SHA256 7a7f005169be3585c79fb02fa5d715c6535a4446cdb2796ff3149d75fec0db8b
SHA512 972e051985a29d6e3de58acb1d0cb1d89d9dfbe22ca8a9c5c79dd2fa16b0e0c2bab53926337ebd0de1a0194d296149f0e24927391bd1572d3944cde0f0c649bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3da0ba4fb6a14dae069f5799837e8b47
SHA1 f61c11d566627f626808c06775ef9b5cf87cd50d
SHA256 647eced9c8a9407bb1f14bb0854b7faae31f13bc9560d71bda2c261d0887733f
SHA512 d18d22a500fe3ef47a94f086203730481e366dadd0ebe7ffd9e65a7a415f1a259182ba959b7edbcf126208e7777c14e81ed7244e45f02855fecaf28996e978a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9f63329e01d659a4820240169af3a8ae
SHA1 1e4cc86174c5aae6b0be7759b73cbc93f776bc4a
SHA256 21be86ebbfe17c4a7384c69384e6b3847254d46871aca41497aa6753895ab74a
SHA512 e976b6720c281431dc7ea145d3e4d7acdbe81026908e2303ba16c1273566e19ee522bbb7ecd5999ea3406ba7a2ad7aa0a601d302525c1729ad878b20f354ec30

memory/7456-903-0x0000000000400000-0x000000000040A000-memory.dmp

memory/6872-906-0x0000000074BB0000-0x0000000075360000-memory.dmp

memory/7456-907-0x0000000074BB0000-0x0000000075360000-memory.dmp

memory/8992-908-0x0000000000290000-0x00000000002CC000-memory.dmp

memory/8992-909-0x0000000074BB0000-0x0000000075360000-memory.dmp

memory/6872-910-0x00000000006D0000-0x0000000001B86000-memory.dmp

memory/7456-911-0x0000000005B80000-0x0000000006124000-memory.dmp

memory/8992-912-0x0000000007060000-0x00000000070F2000-memory.dmp

memory/8992-925-0x00000000072E0000-0x00000000072F0000-memory.dmp

memory/8992-929-0x00000000071F0000-0x00000000071FA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

MD5 77471d919a5e2151fb49f37c315af514
SHA1 0687047ed80aa348bdc1657731f21181995b654c
SHA256 52666594a3e8bd7ac277411e215e1f65a7771f7c1d5b00a9e6ec95fade64f1f1
SHA512 6ffb45e79b03bac2820c98503793cd11c13803f49522eea9334c4c6cd05384dda3a60b0a8a8f363abc439ad444f1a8da290f0350fa69b75b6c3c9701177f8844

memory/8992-960-0x0000000008100000-0x0000000008718000-memory.dmp

memory/8992-966-0x0000000007400000-0x000000000750A000-memory.dmp

memory/8992-972-0x00000000072F0000-0x0000000007302000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 cde750f39f58f1ec80ef41ce2f4f1db9
SHA1 942ea40349b0e5af7583fd34f4d913398a9c3b96
SHA256 0a434be25f55f27ce0adbdfb08efeac1da01125b3e9194a94669bc7e9c6fe094
SHA512 c181faacbef70f8a91606943470af50cfd443958c48601051371ff5d9bf66bb9ec794571b05a347a7f5776f06484dc007f535591d2f5e1c57e3c0ee04f3e9580

memory/7456-973-0x0000000074BB0000-0x0000000075360000-memory.dmp

memory/8992-977-0x0000000007350000-0x000000000738C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 db7cea14da34db0b4cf2fc3b40a46a5a
SHA1 32b621293e6366b45e2dcffe40b590bb985a9ee0
SHA256 e84e93c12bcbbf578467c9df3d68908e150ae82e74d8073a6ede2be977f284cf
SHA512 a9a64d63ebe5bcd1342e51e3f461eae3d2ef03c375a692a9fd59bdbcef9ff70d535e0ddf668c20797741dd86a3d91a9fe6b623c1d06c03c8b0c47a11793135f0

memory/8992-983-0x0000000007390000-0x00000000073DC000-memory.dmp

memory/9004-987-0x0000000000B10000-0x0000000000B11000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tuc3.exe

MD5 ef2ca2474315d4eba957c6bd2b031cc2
SHA1 b3bbc9e287cb3030170d2c3e726498d23cf729f5
SHA256 4f0484833fe42498719df309016e656332af9875bed05309c911a52faab233ff
SHA512 8c4463596876a5ef5d011f3e01544652bff573f43d585b982711b008e7d3a4a4c3bb6a5238317f0dfff711d51e1499bb0e270dd15bd32ecc6bdbb96e7d64b36c

memory/8448-994-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 a71d6775f09792525cf81858cc028f9b
SHA1 092fc2b527818b0b450d172a687c8b3dd866e64a
SHA256 e5fd38881f2a4242c8c200615e1ac32aaf65130b4cd32a1b2fa1bf8749f631eb
SHA512 29e6b61f221e3965ca90b7717ac86e832be23a539b8a9d44a20227f9fabedf3b6c2d569552ea190339a74d9eedd37715090832d1019d4f37e4050276437303ac

memory/6872-1005-0x0000000074BB0000-0x0000000075360000-memory.dmp

memory/3900-1018-0x00000000020C0000-0x00000000020C1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 679d6e9a77659f3acd036cf492a48a88
SHA1 b0c5186dd33f2b3d17d7aeb495e47b6a2ef74e21
SHA256 2042f7b187a4f2bb82aa77b4fc8e7bbd000131f146cc1ce4e8e14ca9b63bf671
SHA512 c95d19b78d11f12e1e755edaf3757690ede01dccad089825cab2ce61c8cdd7dddd20af158567baefe689865eb569cc8bf50a2977d03b7e0f22374d0ba163d5ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4e55da836832a03beb3833e65592ad5c
SHA1 e7faef38b02b3ae0be2e380800cc607dbb6ac904
SHA256 74823930288c5fb89e9608a848560fd2e07eea0b8cd3772840eb4613406aff04
SHA512 11054a9b5400aa508cf704c9117a729fc2b38516d229840908d74882609b8e2f2c29f347ad7d29079ab0dfcc310c5523405720ecc5384e14f8966f666948cad2

memory/6552-1166-0x0000000000400000-0x0000000000785000-memory.dmp

memory/6552-1167-0x0000000000400000-0x0000000000785000-memory.dmp

memory/6552-1170-0x0000000000400000-0x0000000000785000-memory.dmp

memory/8992-1173-0x0000000007C00000-0x0000000007C66000-memory.dmp

memory/8116-1172-0x0000000000400000-0x0000000000785000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 1e96f44f2e75e1dbd65497d4ddb9983a
SHA1 707e9fc5d459622ae7c9f3277d3d2e41ccf79281
SHA256 72ed20cd98d68b0e3970731165d43078819319d649c9f1c77e29ec04bf7f0a2e
SHA512 266f4bd608b03df7e895bd88efc9b8cdee954554343862f2d29a72d2873d625aefc61267876f5928ed66a966f1b1538dfd1a717411a761d731a8f0ff8408db7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a7c46.TMP

MD5 204eda8364a1c502a8428c33be13baf8
SHA1 d836d5f8e52e4d567bfe6e0b9ee7ec2d5db6d551
SHA256 6d0fde75870e80047f18d5a0c928aaaad0360ed60c1e8fd6cded41b43676434a
SHA512 03a72716e359c38ea180b20f24b69dd7a4cf38b0f55c17ee71d1a0bd2132bed770594f677e846f2774734bdc694a8e9efd4b835688a66afe5d6225c59e2f096c

memory/8816-1200-0x0000000074BB0000-0x0000000075360000-memory.dmp

memory/8816-1201-0x0000000000160000-0x0000000000712000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 97b71f01d5d10af8f19db2fa4d949239
SHA1 de43403501a29dac81b2b3c000b5fa673288c86f
SHA256 b397cb41630dc5563c802ff31f66e346c9fc5f1d4453c04be021b6aa7834f8cf
SHA512 7a8c627685160a6f2d3edcded010bd6820e525ecb18f1e97f3ab630337077f8f92a7e062e6771a86a73fe8fb8ba49e30a70183c559d9eb47e1f22863fcd12c45

memory/8816-1223-0x0000000005280000-0x000000000531C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a9348.TMP

MD5 2c6258b047aa91629cded0f70b5b612b
SHA1 0f43eb0dbd3f702a02129e1eaab048908252d374
SHA256 5cb3a64f12f2351810fb78128d487aa510f2d658213fb426cca92e0ccd7a2aae
SHA512 caa446b98d4f6ecd58e35dbf5fd3128055e708117170b2a42293406b9081231a1f9eb761c1f7a02d0de902d596337cbb0b209de7b2300330e5d53af28a6201c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8ef6fab72ac10f753fd1edfc20185c23
SHA1 489f9b52d2409cd5b8b2530e8141c7227a178953
SHA256 9950fa308de29b8008edf8261611cd077dcacdbaa63d4abe5687ac82ac672310
SHA512 77000c828381ff3edb4064cab58afc3fc24aa2fcf136eb19882b47ec5e3183c8321b98844d6f783271da198a8c4228e3bd4a0af7f1b13e9d9f1d4c0b85649f32

memory/8992-1224-0x0000000074BB0000-0x0000000075360000-memory.dmp

memory/8816-1225-0x0000000005260000-0x0000000005270000-memory.dmp