Malware Analysis Report

2025-05-05 23:29

Sample ID: 240504-vdx6qsef88
Target: redirect
SHA256: ef1854221606db0f677c86d8f841b178c1564d5f8015f0706322e74fb7d21d7b
Tags: zgrat discovery rat spyware stealer
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: ef1854221606db0f677c86d8f841b178c1564d5f8015f0706322e74fb7d21d7b

Threat Level: Known bad

The file redirect was found to be: Known bad.

Malicious Activity Summary

zgrat discovery rat spyware stealer

Detect ZGRat V1

Suspicious use of NtCreateUserProcessOtherParentProcess

ZGRat

Reads user/profile data of web browsers

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Drops file in Windows directory

Enumerates physical storage devices

Modifies registry class

Runs ping.exe

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

NTFS ADS

Enumerates processes with tasklist

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-04 16:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-04 16:53

Reported: 2024-05-04 16:55

Platform: win11-20240419-en

Max time kernel: 145s

Max time network: 151s

Command Line

C:\Windows\Explorer.EXE

Signatures

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 5240 created 3308 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\Agrees.pif C:\Windows\Explorer.EXE

ZGRat

rat zgrat

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2878097196-921257239-309638238-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878097196-921257239-309638238-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Executor2024.rar:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\Agrees.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\RegAsm.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\RegAsm.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\RegAsm.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\Agrees.pif N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5060 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5060 wrote to memory of 3564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5060 wrote to memory of 132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5060 wrote to memory of 2548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\redirect.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca2bd3cb8,0x7ffca2bd3cc8,0x7ffca2bd3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9368 /prefetch:1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11024 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap30797:86:7zEvent15112

C:\Users\Admin\Downloads\Executor Installer.exe

"C:\Users\Admin\Downloads\Executor Installer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Strategies Strategies.cmd & Strategies.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 55311775

C:\Windows\SysWOW64\findstr.exe

findstr /V "DEATHSINSTITUTIONSNGBUNCH" Precision

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Garlic + Designer + Rely + Boxed 55311775\g

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\Agrees.pif

55311775\Agrees.pif 55311775\g

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\RegAsm.exe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\RegAsm.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4576 /prefetch:2

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bdf3e009c72d4fe1aa9a062e409d68f6
SHA1 7c7cc29a19adb5aa0a44782bb644575340914474
SHA256 8728752ef08d5b17d7eb77ed69cfdd1fc73b9d6e27200844b0953aeece7a7fdc
SHA512 75b85a025733914163d90846af462124db41a40f1ce97e1e0736a05e4f09fe9e78d72316753317dabea28d50906631f634431a39384a332d66fa87352ff497f8

\??\pipe\LOCAL\crashpad_5060_KFUDDQWIAIWDKVOP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7c16971be0e6f1e01725260be0e299cd
SHA1 e7dc1882a0fc68087a2d146b3a639ee7392ac5ed
SHA256 b1fa098c668cdf8092aa096c83328b93e4014df102614aaaf6ab8dc12844bdc0
SHA512 dc76816e756d27eedc2fe7035101f35d90d54ec7d7c724ad6a330b5dd2b1e6d108f3ae44cedb14a02110157be8ddac7d454efae1becebf0efc9931fdc06e953c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 796be39edd9d0f37c979f85205b53863
SHA1 58f37b48f09b5041f0999ce70087905e662cb842
SHA256 404610c9d89b983c7ff2c61f9d38b14a5315210fc3f9cbb1ae7cfad6abe74bc8
SHA512 6cfaafb777755664226bc7cd8d2711dc31fb16a77ddce160bcec970b4231f87d1a749449cdce2625b1785ea1feb2fdaa81395c75418e07cf35354c06b8682b73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 58106a0e9b69ef21ad66962bf3db9d1c
SHA1 ba79c0a099762dba61c799a34ac80b734b5ae263
SHA256 95572a471008bb8cf63bd1dc275c921179e37dd894e721ab3ea0502c2ef87f38
SHA512 197839dad238577e237508766f45f258f50ac395e0059933cfe47388eeb5fc6eccb2e738ee96d38074584cfba448f2f7403d1a6bb70e6bc4a5463db74d634960

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 960f60e75d9b69f94d63a22cd2e210ac
SHA1 ccaace28e74cf261e91325bd246ef3c3fc8bca27
SHA256 e7b37f66c2a6762f68bbe4f6b321d8072983e1ccf1b68c7435581938b5cd2806
SHA512 910d4022b47af0b533d6b9d3602a86dfbfcda85123c0706b109ca33aaf53f18904864cd42aec355716301bcd6f992c30a75ff6620e4c5131e764511bcab942a7

C:\Users\Admin\Downloads\Executor2024.rar:Zone.Identifier

MD5 cfb4817033fb9183fcb0369b9bd192ac
SHA1 e468fb77166d4ea8e22445c5ffff6d44e814c042
SHA256 59f857f7b8948e5a8146c53eeaa11468eddffee329620ff2ee95e9dd14e4009d
SHA512 12213720d21faff84e4e2db58647dd05e759942756509461767bca81e48a41aa689429d8b03a3ca00bfbdd083d6d3cc7687f2fe43b49db381388a64998b94b83

C:\Users\Admin\Downloads\Executor2024.rar

MD5 959d95511ab32d2b0443e6f9b5723e47
SHA1 4ad372c71d7c80120cf701363faf2a23ae50d996
SHA256 1c4562ddf99b0bc4b00e544b8be6eeb7dae4b23929fcc6c7c3551b99aca938a5
SHA512 7da86add4fb75add470d36e1056911b3feeefc8ace71bb6823d709694ab8ef30945561b03389e822c73ae0041843e598b078bfbf257e1b02dfafea6be4866272

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d6e649fcecdc328e2bcdb7061fd457a7
SHA1 e7289190b14e3df4064d198c179ce83bd70f5774
SHA256 e8956681adbe97bf587504362220db7d2a6028a09db0fe3713c22ef45618937e
SHA512 18902096ac070e1737709ce8e75fc3f66f2b8e68cef5d0920a56c681786696fec8653f2c58bc2084e86f99855b5270a0053e53ef87b658b6a58fa603ccdac4e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8dc8b1114ccf21252b71a686d3a1f3de
SHA1 ae66fb7412d9c44c02329c7870af92d16e0dc207
SHA256 afc45b4987b10a660aa0720620943a4676865a642c99d5957bccc3ee0c8fe8d7
SHA512 c11d2adb8de9407ff559afddeeac19058f5eb9bd2b6939e3ff3f1f1cc29661cac2851482ef7e61fbe3b60c8beefc0c6e4816aafac927c2349452dc0113ad8920

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579664.TMP

MD5 6f2437f63a1780360177184f6da6c502
SHA1 da677e44b0694ab9f4d421715b43d3276120df4b
SHA256 9b0780181513c74c930b7a8a71a6f76fe2c8116eaa9f4c2e4612d4e91e47c15d
SHA512 d595762cf2fef80e25a10c99588bb7b0d91c8bc1c20080f5041ec8334590cb1e55b67426b35d26c2d6c7446978397184340693270d9b9be6f3c120f0ff5fa9c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7649c5e1e4d098684434a9a824a98ff1
SHA1 931e719d16b2c2666fb2cf9a93894765d0ba667e
SHA256 5357665194c508d04bfa4b5742df28b0076cf2f53adf62c8fd660b8e6bf312fd
SHA512 fac1f86e739fb10599a81739fbea12f5551085705df8c2f9cfea520f5d56acb9f2b3b13472062cec4b6445216bdb65f0f66df9609d72039d2878060319223cab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 35f92c8becc4c381bebfbc28ed122f10
SHA1 f164d88f7ac957a0d7f2ea6d4572cd28366106ec
SHA256 c96e4971abe0358601ce5fd76db443aeb108d684f9d016c5f7b3baed3106fcc2
SHA512 147998c24ec6bbeab819c082800affe393cd8b9f99aae7d820af35f63273c31c541f4d79e6f73d5463967f73b7347cd31bbe6137632be42dbdefc13112b618f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 e8c0d56a14c900bd28d936c6eafbbb35
SHA1 014da87fac24abf750405bff3c4442ead6403d29
SHA256 619f8a7e8f30c5566c5d1bc600f06a14dcb33cecb26dc3d8b734323ab29b436f
SHA512 19577e8d77e27a2c8f50a0cbd62b68b80f343fe827279e5ecbb7f2a9ff66957a3e3b98c37d42d58f0d6dc472f9c656a886430f2c0b566e75d6787f09c06c4085

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 23e27b25649876f27c181efdeadfc8d6
SHA1 9863dad332964fb57e21f951be539fcfeafe7250
SHA256 7b1e20c89858082755a93ed4511747464aff17b722a0a4d533e89784ab7b70fc
SHA512 683f3235691e33cbdee39172b211fa103361ec3c41a9b554834d41ad5ab079993b39bad9c5a5a743652bcea618ff3356c5287dc95817ce2a9d167c8e2a6ada75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 20e860534ffdbec7c0c24d0cd5ec4ea6
SHA1 c38edcb3924d96b8b77ec00e8ce87c4ef8b1005b
SHA256 6214b63bbf6f3cd501d7f0c74a7bbe7344131251b271e421a4e30a9e21fe7fbe
SHA512 6592a86e42ffb58278a63b92de48111bdb8002adf09c2f8c523017360bea859c042ed6edbe21e8972580bd7a15b7278e75d00e42435d6a27bf95f8c9da39a1db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Strategies

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Precision

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Kingdom

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Cons

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Pledge

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Follow

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Garlic

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Designer

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Rely

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Boxed

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\Agrees.pif

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\g

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c20d844b0b174c40_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ba0168fe3a15167_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\802f15c58efac90f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fc1d50b37e662888_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7635a1d39885c2d5_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\751b15a431d66bdc_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1cd981e70c1d510f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\RegAsm.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

C:\Users\Admin\AppData\Local\Temp\tmpBB7E.tmp

C:\Users\Admin\AppData\Local\Temp\tmpBBDF.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
