Malware Analysis Report

2025-03-15 04:17

Sample ID 240824-pejrva1elr
Target https://waveexecutor.com
Tags
defense_evasion discovery motw phishing
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://waveexecutor.com was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery motw phishing

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Checks for any installed AV software in registry

Indicator Removal: File Deletion

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Drops file in System32 directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-24 12:14

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-24 12:14

Reported

2024-08-24 12:19

Platform

win11-20240802-en

Max time kernel

300s

Max time network

301s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://waveexecutor.com

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\KasperskyLab C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\KasperskyLab C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\KasperskyLab\LastUsername C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\KasperskyLab\Session C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\KasperskyLab C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\KasperskyLab\LastUsername = "ninja3280" C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A

Checks installed software on the system

discovery

Indicator Removal: File Deletion

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\%AppData%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WaveInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{C1F4FB41-C5C0-423D-AB26-FF83DF290253} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\shell\open C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\ = "URL: Roblox Protocol" C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe" C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\URL Protocol C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\shell\open C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe" C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1" C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\shell C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1" C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\ = "URL: Roblox Protocol" C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\URL Protocol C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\DefaultIcon C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\shell\open\command C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\DefaultIcon C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\shell\open\command C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\shell C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 118286.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\WaveInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Luau Language Server\node.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5064 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://waveexecutor.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc8bfd3cb8,0x7ffc8bfd3cc8,0x7ffc8bfd3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6352 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9060 /prefetch:8

C:\Users\Admin\Downloads\WaveInstaller.exe

"C:\Users\Admin\Downloads\WaveInstaller.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,16561756238570146036,6581570875875740857,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4940 /prefetch:2

C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

"C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"

C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

"C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"

C:\Users\Admin\AppData\Local\Luau Language Server\node.exe

"C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=4824

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c del *

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\system32\whoami.exe

whoami

C:\Windows\system32\WerFault.exe

werfault.exe

C:\Windows\system32\wininit.exe

wininit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Windows\system32\wininit.exe

"C:\Windows\system32\wininit.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 waveexecutor.com udp
MD 213.232.235.119:443 waveexecutor.com tcp
MD 213.232.235.119:443 waveexecutor.com tcp
MD 213.232.235.119:443 waveexecutor.com tcp
MD 213.232.235.119:443 waveexecutor.com tcp
MD 213.232.235.119:443 waveexecutor.com tcp
MD 213.232.235.119:443 waveexecutor.com tcp
FR 142.250.179.98:443 googleads.g.doubleclick.net tcp
US 172.66.132.118:443 s10.histats.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 226.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 118.132.66.172.in-addr.arpa udp
US 8.8.8.8:53 98.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
CA 149.56.240.127:443 s4.histats.com tcp
FR 172.217.20.206:443 fundingchoicesmessages.google.com tcp
FR 172.217.20.206:443 fundingchoicesmessages.google.com udp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.179.98:443 googleads.g.doubleclick.net udp
FR 216.58.214.162:443 ep1.adtrafficquality.google tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
FR 142.250.179.97:443 ep2.adtrafficquality.google tcp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com udp
FR 142.250.179.68:443 www.google.com udp
GB 92.123.142.137:443 r.bing.com tcp
N/A 224.0.0.251:5353 udp
GB 88.221.135.25:443 th.bing.com tcp
GB 92.123.142.161:443 r.bing.com tcp
GB 92.123.142.161:443 r.bing.com tcp
GB 88.221.135.25:443 th.bing.com tcp
NL 20.190.160.22:443 login.microsoftonline.com tcp
US 172.67.73.98:443 web2.temp-mail.org tcp
US 172.67.73.98:443 web2.temp-mail.org tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
GB 92.123.143.169:80 apps.identrust.com tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
NL 152.42.150.143:443 cdn4.buysellads.net tcp
US 172.66.43.196:443 cdn.paddle.com tcp
US 104.26.6.95:443 web2.temp-mail.org tcp
US 104.22.75.216:443 btloader.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 166.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
GB 108.156.39.27:443 config.aps.amazon-adsystem.com tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 18.245.143.83:443 tags.crwdcntrl.net tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 104.22.5.69:443 a.ad.gt tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 pbjs.e-planning.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 34.120.63.153:443 prebid.media.net tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 193.3.178.4:443 pbjs.e-planning.net tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
NL 188.166.203.175:443 rt.marphezis.com tcp
US 172.67.75.241:443 script.4dex.io tcp
US 172.64.153.78:443 mp.4dex.io tcp
GB 18.245.189.34:443 aax.amazon-adsystem.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
GB 108.138.217.48:443 hb.yellowblue.io tcp
US 104.22.4.69:443 a.ad.gt tcp
US 172.67.75.241:443 script.4dex.io tcp
US 104.18.22.145:443 cadmus.script.ac tcp
US 104.22.4.69:443 a.ad.gt tcp
US 8.8.8.8:53 78.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 34.189.245.18.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 244.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 4.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 175.203.166.188.in-addr.arpa udp
US 8.8.8.8:53 48.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
FR 216.58.214.162:443 ep1.adtrafficquality.google udp
FR 142.250.179.97:443 ep2.adtrafficquality.google udp
DE 141.95.33.120:443 id5-sync.com tcp
DE 162.19.138.118:443 id5-sync.com tcp
DE 162.19.138.118:443 id5-sync.com tcp
US 143.244.153.54:443 exchange.cootlogix.com tcp
US 143.244.153.54:443 exchange.cootlogix.com tcp
US 143.244.153.54:443 exchange.cootlogix.com tcp
US 143.244.153.54:443 exchange.cootlogix.com tcp
US 143.244.153.54:443 exchange.cootlogix.com tcp
US 143.244.153.54:443 exchange.cootlogix.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
FR 142.250.179.65:443 d5c54c1cfc22c42ed6a50de2fa792365.safeframe.googlesyndication.com tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 35.241.34.106:443 c.4dex.io udp
NL 185.235.87.22:443 ag.gbc.criteo.com tcp
FR 185.235.86.229:443 gem.gbc.criteo.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 134.122.117.207:443 sync.cootlogix.com tcp
GB 95.100.244.20:443 contextual.media.net tcp
GB 92.123.140.75:443 hb.trustedstack.com tcp
GB 23.73.139.64:443 acdn.adnxs.com tcp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
DE 51.38.120.206:443 onetag-sys.com udp
GB 2.18.108.192:443 ads.pubmatic.com tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
GB 13.224.222.56:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 104.17.43.93:443 gum.aidemsrv.com tcp
US 52.22.3.193:443 cs-server-s2s.yellowblue.io tcp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
GB 23.73.139.56:443 player.aniview.com tcp
US 67.202.105.23:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
FR 217.182.178.228:443 ssbsync.smartadserver.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 23.22.234.152:443 api-2-0.spot.im tcp
US 172.240.45.78:443 sync.aniview.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
DE 157.90.211.246:443 sync.richaudience.com tcp
DE 157.90.211.246:443 sync.richaudience.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
IE 63.35.100.114:443 ap.lijit.com tcp
US 192.132.33.68:443 bttrack.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 34.246.165.197:443 match.prod.bidr.io tcp
US 3.33.220.150:443 match.adsrvr.org tcp
US 64.202.112.223:443 b1sync.zemanta.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 54.205.147.202:443 sync.srv.stackadapt.com tcp
US 172.111.38.54:443 tracker.open-adsyield.com tcp
US 104.26.2.170:443 api.getwave.gg tcp
IE 54.216.57.173:443 jadserve.postrelease.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 52.240.159.111:443 www.nuget.org tcp
US 152.199.23.209:443 globalcdn.nuget.org tcp
CA 149.56.240.127:443 s4.histats.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 104.26.2.170:443 api.getwave.gg tcp
GB 23.49.171.19:443 clientsettingscdn.roblox.com tcp
US 104.26.2.170:443 api.getwave.gg tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
GB 23.49.171.19:443 clientsettingscdn.roblox.com tcp
GB 92.123.140.24:443 setup.rbxcdn.com tcp
FR 142.250.179.98:443 googleads.g.doubleclick.net udp
GB 88.221.135.42:443 www.bing.com tcp
GB 88.221.135.42:443 www.bing.com tcp
NL 193.3.178.4:443 pbjs.e-planning.net tcp
NL 185.89.210.244:443 secure.adnxs.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 89.149.192.64:443 prg.smartadserver.com tcp
NL 89.149.192.64:443 prg.smartadserver.com tcp
NL 89.149.192.64:443 prg.smartadserver.com tcp
NL 89.149.192.64:443 prg.smartadserver.com tcp
NL 188.166.203.175:443 rt.marphezis.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 34.120.63.153:443 prebid.media.net udp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 35.241.34.106:443 c.4dex.io udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 185.235.87.22:443 ag.gbc.criteo.com tcp
FR 185.235.86.229:443 gem.gbc.criteo.com tcp
US 104.26.3.170:443 api.getwave.gg tcp
GB 2.18.66.171:443 tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
GB 95.101.143.185:443 www.bing.com tcp
GB 95.101.143.185:443 www.bing.com tcp
GB 95.101.143.185:443 www.bing.com tcp
GB 95.101.143.185:443 www.bing.com tcp
GB 95.101.143.185:443 www.bing.com tcp
GB 95.101.143.185:443 www.bing.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e8115549491cca16e7bfdfec9db7f89a
SHA1 d1eb5c8263cbe146cd88953bb9886c3aeb262742
SHA256 dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e
SHA512 851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

\??\pipe\LOCAL\crashpad_5064_IFWJOTEXLGTAHXKI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3e2612636cf368bc811fdc8db09e037d
SHA1 d69e34379f97e35083f4c4ea1249e6f1a5f51d56
SHA256 2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9
SHA512 b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a22b147ab71dc740dbba414d6eb7b047
SHA1 7b4317ebad293a039d86305ba06aced46b3d81d1
SHA256 9a40aa6d0d3115e4ab664062f2cb895e29335647f8bd345c284f748db38c7ab9
SHA512 59c34a15e1043051f0e56e2b697ad5b1873b49052bc2ba90a90da9588430387f0682f93d2f7bbfbbb9dc1827c50cf9dc024615c85742d664b70eb9dd7ed2922c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 8266eb9d769b0040c61f9107b9233d0d
SHA1 7d84098b0f5a6b1fb73333838e071558086938da
SHA256 389603813af8808ae7ec8ca4f2bc326b15e4c2ad5d86eeabfb271ac4d170b923
SHA512 82854e09e38363bf682d1426cd72d2efe770a58531f8b006c80c32718229cd9699c6db6ae4afe0a5ba64504a08b16568e53ec8fdf2702b5abc41ef7711f011b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 39fd9665d3e040d8bef9a2fefacb0057
SHA1 60f882ea18af8cc32df2a88c9ec5e868b609795c
SHA256 bbc7983a63976b250103c4bd9268939c28f9451a8389be6b3c1babf24269982e
SHA512 7b30138b221a9bca9a34359849aa269b31e6c2e72b97b492490c6550f7c47963e38f7d3a2498f79ce9ce62c29e142bb6ec09f0e0c26241b0ec9a36251c358c92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5a44a8b9a4a85d371626febeaeddeba3
SHA1 7deec3e39ba13ec3243f0d36ac5fd7abac406048
SHA256 20fee0a44e8f4cb817109632ab0c290f185000edfb6d271b1bc35d48255c1d3b
SHA512 3a63aedacc6357fdf521036e21b99ba8551c39dd956de871a418ee12da1b7de2edc82226f54ea95c21c8516f6ee42edc4b6e51b53dfafe462a5436566bf76f6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

MD5 e4cc1ece2f2425b10ae2ccc212c1dafc
SHA1 92609e6d0093693110baa23758382889bcb30da6
SHA256 92e9415d8bc8529e2a3f335258ef7ff159cce2965ce3b2b7c15f73720efee809
SHA512 2848dee3a6da891b7044518bc97aeafd340705cebe846350b9a7f314b52450f1eb977b8b492638965ce4674ebaa341e4f832438199c3cad2fb0a0793ef83a619

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f775f612fc1634805198d88d186c989f
SHA1 2d40e163e986052670d5f2017c4590e5f30e31b0
SHA256 8c699f11a3d53fd3d7ae52390e083e33aabb2ce43981297b5ce404257139f987
SHA512 c4b17be465eeacc3abe00ad9c110465943114854946372f74d08656b0cc51a797445a2a8d5edfa8894835d7e754db4b7493c2d258811efa2f3ab74bf7fcc06fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 9708e5224c10eb91f435950128a72070
SHA1 cc66f87dad487f1db80dc78942a7016d26725ae9
SHA256 834c60d1648bb2b2c84ab278eb0690ffdbd6f9dfa393d561eb38aa026dbdef8d
SHA512 8a7a126e028f6def7f03d4fc69831c2bccabebc48b7d97b816eb263a817934b8db1beb9baf1763ec7421640ef594e0a7fb65ef21cbfdadd90c3c88332f4022c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bbe8af7ca436c11149feca216ed53f54
SHA1 f0b058cb32a57933cb2b7edab334f437cb9ef68e
SHA256 3483bfcdbe71da9861999bdede3662212ca42f545286e0f27eea1e00dc892879
SHA512 1fb6534cbaf6d199cfe9bd644b271bce3dfaf584b2a7c093fa6b103f19d0a7cde01b7be41c21b5def777cbe2a24d5b618a5c6a4cb5d686e5cc3a7f6fbb7d9cf9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e0ab.TMP

MD5 298150384018a34cf98c36831a6d6d8c
SHA1 8a1e8340e02bbf10dba11c90be63365fc2722179
SHA256 c043f5fd95bfab057b3f5071eb9430c7cd62eb0ecef49414e6013484eb79b507
SHA512 4be5e48f36ca0ca144d4ef0a06593f16a17d4be75dae16cee8ee0ceabf155cac39958eae5c382bfd170cfa0561f8ce939967f367b1b6d37b7c494b34c90ea604

C:\Users\Admin\Downloads\Unconfirmed 118286.crdownload

MD5 215d509bc217f7878270c161763b471e
SHA1 bfe0a2580d54cfa28d3ff5ef8dc754fdc73adcd9
SHA256 984dfc64c10f96c5350d6d9216a5d7abfece1658dfc93925f7a6b0c80817c886
SHA512 68e615dfcb1b7770ad64175438a913744c14bdd3af93b339c2b526271bdd0d23334e78d049fdae8ca9fe66672a8cf252ebf891be9ab6c46a3d8f1fb00fa8c83b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6cc4004ab735d64e81317c98eaed3254
SHA1 daa69d6b9cbc659befcd172589f2c254d65d59eb
SHA256 57a0f2af0ee772a303085b5be36a6b3c0442ad8880628cf503f5e2c00cd5be09
SHA512 37057a010afaca1ff9273c425189dbc305ae0035013161b148b27d58f7f002e68ac32e2d2c4649201e4b790444ed95b7c956808b06b13c8c62b05a7e34e7694f

C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier

MD5 cd3a5e6eec35de14651207c2cfdee595
SHA1 0f6909b1e52032fb0d290c07ed9cd9ac011b63f1
SHA256 70f9e8f0e7a2a4f63584f9082e88f19f02357d47cc790243c714e48718a011a5
SHA512 e301f8f5752bcb8a1c211f6f4b4733d96e676d9da4e9837b88b7e2e667c57a51eaaa5085086b477a64c87dbef80032a7f8f711ca0676550335f62d3f78cf425e

memory/7028-588-0x0000000000E70000-0x00000000010BA000-memory.dmp

memory/7028-589-0x000000000A200000-0x000000000A238000-memory.dmp

memory/7028-590-0x000000000A1D0000-0x000000000A1DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b22bb18662a9948c5d8fa55c5751f830
SHA1 6225f8910cb3914534034c39a623742c53cd25e5
SHA256 6e55db91e44de9df5067309a6d6c78d17e1f1f2364b6013483b2ad7b69189585
SHA512 365e8eb00d739fb3f67b4bd17b921c19579d03039be0b0c5ee701de9f3bce56279cc262addb39116bfc7f955c8fb4a0f2846ace5da89be1149995549c0cbf09c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1ace494b30e696b44ece723ee1fd847b
SHA1 27c7e950a832bd9a7578420dc98a0dbf4d46be9c
SHA256 493e403b6dfe413e796a0297aab29fb71d65fed7a868538814a01e21f6eb68c2
SHA512 f820b751186dae4923462b1e332f3aec2e76fa72e1e8b466e6d134bd561c965c030ed36bda271f042ac3ec363002c5eb78d8f5cce9c2559da2627b6d5916ab90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a39db0d6dfdc6b2e6424c33c3c087447
SHA1 65ab141ea3811b06d830d5710ab1dd667b3e33f3
SHA256 bc937e441af7bf52ac17c6250c8837c169dcc802e6ef961c060ca572b9188138
SHA512 9191ba19c05e935ef51d90c84844d82b3842050e4f9e87c107cc22c4cd0334a88fdbf830db945a379dc52ea3a96015d0283325a9426a06e00c3b906886ae6202

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6b5bf512becd04de80ee5a44efc857d2
SHA1 f8680a7702cd5823169bbf25d0ef67d0d78571c5
SHA256 e8702803418e07bd12d9ca88491a8c39ea3696551e87c667a5e888c450c900e5
SHA512 1dc9877e2346294ee04249f8b65a24fff4332cb15544dd00c4f90c574ff11388c24258aa7ba04487673361d50cffc8c505952fca25b445d9c8eb05cd67a81567

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 91056d506754f9974614dd3ecd96e9d8
SHA1 372ba6696ab3ec571e093b369627dd5d29c7f09a
SHA256 f67945d94d481823f455862feb07c13cd1cbd080182b471ae450ef0ece6d05c5
SHA512 06daa155e7c6ff6a213189d4dca34c170114fb715a452e0929d2e371b319945e031efa4a0f0fa8f40f7299e5b625a0c6d44401386dfe00d8095e98d3c4fc2c69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d5d71e842f5c3c8c2b86501d4092b3e7
SHA1 7f3b5587c8f8bcdeb3b8f9a9739af81f1d313a61
SHA256 1b63ba89b008505fb6653082982db26e9da7e933a332ae3b14f03c20761346d7
SHA512 308a19654c6354c61d69f60f6746006786a843fef17e26ef044a02576e4073c1d01fc7b5fd8be0a17af1c583e19eaeba2bc8693fce58f739c06c1173dbb9a04c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 16c4f292ca8f31778b06ae8ca37de814
SHA1 31f9397c3f066a1f125022e5a79b94c4e00f2c1b
SHA256 c8ab134c1089315778a4917c991e88ea8840db177385b02902342d73581d8d35
SHA512 8ca187e9c1ea046594972840fe0bd755be79f25c03d58614ca473cc2a23a61b0fea198db6797e6c71d65d7e5cd3c9acab1faef1dbaff94db72d7a5d18fdec28d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c4350a5d45a9f7b0aa47560595845291
SHA1 7693477d7bcfd343c675371f3c286d89524cc822
SHA256 eb37d264e5a303b5cd71d634adf14cb1562a02c65507deb595042985849c047a
SHA512 f8c54d0dc9f9d75be8ca6412859216f15a7963a3e5f8cf361a871c9a8e63cc5da081ca07a60e312df4d504b5ee6113497351009355c5b450eefadde9ec45a57a

memory/7028-730-0x0000000006030000-0x00000000060C6000-memory.dmp

memory/7028-731-0x00000000067E0000-0x0000000006806000-memory.dmp

memory/7028-732-0x0000000006830000-0x0000000006838000-memory.dmp

memory/7028-734-0x000000000AAA0000-0x000000000AB12000-memory.dmp

memory/7028-735-0x000000000AB20000-0x000000000AB2A000-memory.dmp

memory/7028-736-0x000000000AB30000-0x000000000AB3A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c15c9e9089674d3d50cc3e39e9b483c2
SHA1 4dacfd9852ed1c586bc9469410ec9a1db912d470
SHA256 8513fc9a292af8479fa977a4eeec23ec8ebccf79e6da3c4ad23b7fcde50da10a
SHA512 e92bb9c2ab4f423e6e821fb602638e5f045573dbdebef968cbb2b4152201d045a259960b057a9e31e1b9f69470f64e971ef3e8c72e7c7d36a9b489336541c3c2

C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

MD5 495df8a4dee554179394b33daece4d1e
SHA1 0a67a0e43b4b4e3e25a736d08de4cec22033b696
SHA256 201263498c60fa595f394650c53a08d0b82850349123b97d41565e145ddf2f42
SHA512 ce3bef1038741f7a0f90cc131a4a1883fd84b006654024d591f5451e73166b4cae546e307c358b5b90aa0e6517bf7b6098f1f59a3ecc01598d4feb26e6b6af33

memory/2544-961-0x0000000000500000-0x00000000005F2000-memory.dmp

memory/2544-963-0x00000000085D0000-0x00000000086D4000-memory.dmp

memory/2544-964-0x00000000092D0000-0x00000000092E6000-memory.dmp

memory/2544-965-0x0000000009310000-0x000000000931A000-memory.dmp

memory/2544-966-0x0000000009350000-0x0000000009358000-memory.dmp

memory/2544-967-0x00000000093B0000-0x00000000093CE000-memory.dmp

C:\Users\Admin\AppData\Local\Wave\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

MD5 b8631bbd78d3935042e47b672c19ccc3
SHA1 cd0ea137f1544a31d2a62aaed157486dce3ecebe
SHA256 9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c
SHA512 0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

memory/4824-973-0x0000000000FA0000-0x00000000017A2000-memory.dmp

memory/4824-974-0x0000000006250000-0x0000000006302000-memory.dmp

memory/4824-975-0x0000000006300000-0x00000000063A0000-memory.dmp

memory/4824-976-0x0000000006000000-0x0000000006008000-memory.dmp

C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

MD5 6b1cad741d0b6374435f7e1faa93b5e7
SHA1 7b1957e63c10f4422421245e4dc64074455fd62a
SHA256 6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f
SHA512 a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

memory/4824-981-0x0000000009F60000-0x000000000A012000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f4c46b53069a7b239bead74777f50ce8
SHA1 7d8ba1222baf550627271f5134a132dfe6a48ef1
SHA256 53ff787136abcb0afeaca8d02244a88e7499bf6f4468eec3faa9497e20f478d8
SHA512 d2f009f165c6f44567b3d394bb0fbbe0ca0dcfe21e7537b9f891fd607443294005bb6d98e5124bd986a9ef7f026c565374c4c1b1eac5b99551ddc8269dfb72a8

memory/4824-996-0x000000000B6C0000-0x000000000B6E2000-memory.dmp

memory/4824-997-0x000000000BD20000-0x000000000C077000-memory.dmp

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

MD5 772c9fecbd0397f6cfb3d866cf3a5d7d
SHA1 6de3355d866d0627a756d0d4e29318e67650dacf
SHA256 2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f
SHA512 82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json

MD5 d94cf983fba9ab1bb8a6cb3ad4a48f50
SHA1 04855d8b7a76b7ec74633043ef9986d4500ca63c
SHA256 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a
SHA512 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f6638a9568fb52b1c721a14b4bbe24fa
SHA1 b1373d68208957eaa45bf747ccdda16bc343f125
SHA256 03311d08cf9eac7d7f47fae0d5cd075287f567eec10d5093f8469c9b216f72a2
SHA512 f276b72436102846dc3fc07bccf2825d1e8d3c38c9ddcd8dfd3752ad9f798ca71b9546c67663c3fd9b2cbc65987b3a8621d0305df1c728f51b29ca9b1883d9dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 088710d471b40e33e62411d67eca1904
SHA1 5bddbf28cd73677181f3fec3899a99fb74a9b49f
SHA256 21aeb1ae8d8edd0a7c97fd10ead931f1371d51d8a9c2d602e079fa992f3dacaf
SHA512 1e7c27dc90561ea22c5de18a68504e2a1dded2a38da6aa0625b061bb3efa3a99636585dc2a199ad7639ee80e8b26b3856e179a5aad9055b7ce156d7cc49cbd1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 967354adf6dede30cff37cbc8deafb28
SHA1 72230710f0565a8b4bd2cbcf09b1931665973e03
SHA256 24d9b3770c061249b14a13e8764b87a115b1fcd499879e4125ba0539c2d5067b
SHA512 ed564e97ace527e047c22e74635a7a29a252beef9a1356576b17758b8ab927d19b47fb6b73d61cdcda84262a094b4acd2e2617189792288dba673270ce711864

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\configs\DateTimeLocaleConfigs\zh-tw.json

MD5 702c9879f2289959ceaa91d3045f28aa
SHA1 775072f139acc8eafb219af355f60b2f57094276
SHA256 a92a6988175f9c1d073e4b54bf6a31f9b5d3652eebdf6a351fb5e12bda76cbd5
SHA512 815a6bef134c0db7a5926f0cf4b3f7702d71b0b2f13eca9539cd2fc5a61eea81b1884e4c4bc0b3398880589bff809ac8d5df833e7e4aeda4a1244e9a875d1e97

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\configs\DateTimeLocaleConfigs\zh-hans.json

MD5 fb6605abd624d1923aef5f2122b5ae58
SHA1 6e98c0a31fa39c781df33628b55568e095be7d71
SHA256 7b993133d329c46c0c437d985eead54432944d7b46db6ad6ea755505b8629d00
SHA512 97a14eda2010033265b379aa5553359293baf4988a4cdde8a40b0315e318a7b30feee7f5e14c68131e85610c00585d0c67e636999e3af9b5b2209e1a27a82223

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\Cursors\KeyboardMouse\IBeamCursor.png

MD5 464c4983fa06ad6cf235ec6793de5f83
SHA1 8afeb666c8aee7290ab587a2bfb29fc3551669e8
SHA256 99fd7f104948c6ab002d1ec69ffd6c896c91f9accc499588df0980b4346ecbed
SHA512 f805f5f38535fe487b899486c8de6cf630114964e2c3ebc2af7152a82c6f6faef681b4d936a1867b5dff6566b688b5c01105074443cc2086b3fe71f7e6e404b1

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\DeveloperFramework\PageNavigation\button_control_previous.png

MD5 6e8a105456aaf54799b1ae4c90000ff1
SHA1 5a9a277b6ef822caaede13b34c222fb69451c141
SHA256 fac4a9e1c49c9f3fc07dbce40f4648987cf90f4c2ed0a96827630341621e9845
SHA512 8e74329066b3c0c4b8303976cc4207b94ebc7ee38b74dedd490c2006feb53a99a0671e407ec649ec9da6a4d3ddff46bb7150963dfa8254364ab619db9ec3fd54

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\DeveloperFramework\PageNavigation\button_control_next.png

MD5 34a4a4801e02097cef3e46e6b9c67c41
SHA1 2f271ae04352f39bb72c677a16da03f19a51f672
SHA256 7ca0bdacdebc16eace9d67078a5ecbc8d9f6098fad80e0d8c09fb5f708ad389b
SHA512 87a29f06c2539a6df2f043fbee747812f0672a9a6a97df906d8a38b9ede7a7e7ad2a61850888e39ad6b45f422680f4c89cc40c3724b1b4a0312dde8c35ed2a75

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\Clear.png

MD5 fa8eaf9266c707e151bb20281b3c0988
SHA1 3ca097ad4cd097745d33d386cc2d626ece8cb969
SHA256 8cf08bf7e50fea7b38f59f162ed956346c55a714ed8a9a8b0a1ada7e18480bc2
SHA512 e29274300eab297c6de895bb39170f73f0a4ffa2a8c3732caeeeac16e2c25fb58bb401fdd5823cc62d9c413ec6c43d7c46861d7e14d52f8d9d8ff632e29f167c

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\TerrainTools\checkbox_square.png

MD5 2cb16991a26dc803f43963bdc7571e3f
SHA1 12ad66a51b60eeaed199bc521800f7c763a3bc7b
SHA256 c7bae6d856f3bd9f00c122522eb3534d0d198a9473b6a379a5c3458181870646
SHA512 4c9467e5e2d83b778d0fb8b6fd97964f8d8126f07bfd50c5d68c256703f291ceaed56be057e8e2c591b2d2c49f6b7e099a2b7088d0bf5bdd901433459663b1f8

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png

MD5 521fb651c83453bf42d7432896040e5e
SHA1 8fdbf2cc2617b5b58aaa91b94b0bf755d951cad9
SHA256 630303ec4701779eaf86cc9fbf744b625becda53badc7271cbb6ddc56e638d70
SHA512 8fa0a50e52a3c7c53735c7dd7af275ebc9c1843f55bb30ebe0587a85955a8da94ff993822d233f7ed118b1070a7d67718b55ba4a597dc49ed2bf2a3836c696f6

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\AssetConfig\[email protected]

MD5 97788161324392fe1af78ff82b9c953b
SHA1 e9992beba9b73f7a03e7426dbf12fdd219633c4e
SHA256 cf2c4273a398e58620f7f751ab9ccae36da95fbd39055184b4f3cc96393ebadc
SHA512 447fca7cd7249597403de54621bb53663f3e378fa043d439ef1abd4363775d28402c6670d4a06d23381073b7585b30661dbf9aea35eef66ea92c8a2501730266

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]

MD5 55b64987636b9740ab1de7debd1f0b2f
SHA1 96f67222ce7d7748ec968e95a2f6495860f9d9c9
SHA256 f4a6bb3347ee3e603ea0b2f009bfa802103bc434ae3ff1db1f2043fa8cace8fc
SHA512 73a88a278747de3fefbaabb3ff90c1c0750c8d6c17746787f17061f4eff933620407336bf9b755f4222b0943b07d8c4d01de1815d42ea65e78e0daa7072591e9

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]

MD5 83e9b7823c0a5c4c67a603a734233dec
SHA1 2eaf04ad636bf71afdf73b004d17d366ac6d333e
SHA256 3b5e06eb1a89975def847101f700f0caa60fe0198f53e51974ef1608c6e1e067
SHA512 e8abb39a1ec340ac5c7d63137f607cd09eae0e885e4f73b84d8adad1b8f574155b92fbf2c9d3013f64ebbb6d55ead5419e7546b0f70dcde976d49e7440743b0f

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\Thumbstick2.png

MD5 a402aacac8be906bcc07d50669d32061
SHA1 9d75c1afbe9fc482983978cae4c553aa32625640
SHA256 62a313b6cc9ffe7dd86bc9c4fcd7b8e8d1f14a15cdf41a53fb69af4ae3416102
SHA512 d11567bcaad8bbd9e2b9f497c3215102c7e7546caf425e93791502d3d2b3f78dec13609796fcd6e1e7f5c7d794bac074d00a74001e7fe943d63463b483877546

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]

MD5 499333dae156bb4c9e9309a4842be4c8
SHA1 d18c4c36bdb297208589dc93715560acaf761c3a
SHA256 d35a74469f1436f114c27c730a5ec0793073bcf098db37f10158d562a3174591
SHA512 91c64173d2cdabc045c70e0538d45e1022cc74ec04989565b85f0f26fe3e788b700a0956a07a8c91d34c06fc1b7fad43bbdbb41b0c6f15b9881c3e46def8103e

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]

MD5 e8c88cf5c5ef7ae5ddee2d0e8376b32f
SHA1 77f2a5b11436d247d1acc3bac8edffc99c496839
SHA256 9607af14604a8e8eb1dec45d3eeca01fed33140c0ccc3e6ef8ca4a1f6219b5dd
SHA512 32f5a1e907705346a56fbddfe0d8841d05415ff7abe28ae9281ba46fedf8270b982be0090b72e2e32de0ce36e21934f80eaf508fd010f7ab132d39f5305fb68f

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\Thumbstick1.png

MD5 2cbe38df9a03133ddf11a940c09b49cd
SHA1 6fb5c191ed8ce9495c66b90aaf53662bfe199846
SHA256 0835a661199a7d8df7249e8ae925987184efcc4fb85d9efac3cc2c1495020517
SHA512 dcef5baccef9fff632456fe7bc3c4f4a403363d9103a8047a55f4bd4c413d0c5f751a2e37385fe9eba7a420dbdb77ca2ff883d47fcdd35af222191cc5bd5c7a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 95cd7cd72f607a48441344856344fbf0
SHA1 d27b49c9f0085eae467867249074d0cbb6330891
SHA256 e7885b67def46b6942f204bbeacfb2ae7c95b8f45e635bb95cd3b92043f77be7
SHA512 945894f1c88cab2924bab134640d582a03313cb8045348bd4a117b229bc01c0ab61a0e24df7aeed40191f1a65ecb62dd840edc5a838be262f56db5678f508fd4

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\[email protected]

MD5 3fec0191b36b9d9448a73ff1a937a1f7
SHA1 bee7d28204245e3088689ac08da18b43eae531ba
SHA256 1a03e6f6a0de045aa588544c392d671c040b82a5598b4246af04f5a74910dc89
SHA512 a8ab2bc2d937963af36d3255c6ea09cae6ab1599996450004bb18e8b8bdfbdde728821ac1662d8a0466680679011d8f366577b143766838fe91edf08a40353ce

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png

MD5 4f8f43c5d5c2895640ed4fdca39737d5
SHA1 fb46095bdfcab74d61e1171632c25f783ef495fa
SHA256 fc57f32c26087eef61b37850d60934eda1100ca8773f08e487191a74766053d1
SHA512 7aebc0f79b2b23a76fb41df8bab4411813ffb1abc5e2797810679c0eaa690e7af7561b8473405694bd967470be337417fa42e30f0318acbf171d8f31620a31aa

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaDiscussions\buttonFill.png

MD5 81ce54dfd6605840a1bd2f9b0b3f807d
SHA1 4a3a4c05b9c14c305a8bb06c768abc4958ba2f1c
SHA256 0a6a5cafb4dee0d8c1d182ddec9f68ca0471d7fc820cf8dc2d68f27a35cd3386
SHA512 57069c8ac03dd0fdfd97e2844c19138800ff6f7d508c26e5bc400b30fe78baa0991cc39f0f86fa10cd5d12b6b11b0b09c1a770e5cb2fdca157c2c8986a09e5ff

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\sounds\ouch.ogg

MD5 9404c52d6f311da02d65d4320bfebb59
SHA1 0b5b5c2e7c631894953d5828fec06bdf6adba55f
SHA256 c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317
SHA512 22aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4

C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\ClientSettings\ClientAppSettings.json

MD5 636492f4af87f25c20bd34a731007d86
SHA1 22a5c237a739ab0df4ff87c9e3d79dbe0c89b56a
SHA256 22a1e85723295eeb854345be57f7d6fb56f02b232a95d69405bf9d9e67a0fa0d
SHA512 cd2e3a738f535eb1a119bd4c319555899bcd4ce1049d7f8591a1a68c26844f33c1bd1e171706533b5c36263ade5e275b55d40f5710e0210e010925969182cd0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 485db4563466037a2c7a303dc01d3f18
SHA1 54c04a1676a4a9dde678711b2af9636a3be40f4c
SHA256 bf2bbde94f3f18580145c46a5cd23b78b6e0580266ba2398d63941bdddb0fec6
SHA512 e40497295c2592a239e9d98845270d551067669c2c36d5a3dd0c1df09ddbbd39e67d999dc88d3e64289d2a13da4c50d6978d4b76b725d37ab4f250a6b6ab1540

memory/4824-8137-0x00000000067C0000-0x00000000067C8000-memory.dmp

memory/4824-8138-0x0000000006840000-0x000000000684A000-memory.dmp

memory/4824-8139-0x0000000006940000-0x0000000006948000-memory.dmp

memory/4824-8140-0x00000000069A0000-0x00000000069C6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e9987d06e7f856850698b58d0de66f9c
SHA1 450084b216e7e7d7e943e411d2b80139e4f161a7
SHA256 8ebe9d1f3d398fedac3e42f0d22a157edf85fdf8609a132d647bc592e3abc522
SHA512 5eb5d47a10e9737588dc543246731774475fa13a58e741943280db428014444ab874331db67b4596cf7cab3fbc23630fc0da2a24f6816f33cc6e325e1a0ee73e

memory/4824-8177-0x00000000069D0000-0x0000000006A08000-memory.dmp

memory/4824-8178-0x000000000E2E0000-0x000000000E80C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dbaefc7b08978844dfe34d7592154750
SHA1 efecbc9c4e1b3215654d94ef06124d84fe2bb936
SHA256 949bf7e4c17162908ebe3b0af58f14e5e3fa5519fa2c2273266df85f4342f8db
SHA512 64dd87d352d3f8de9ffd0bb7548aa9187efc8a7cd1f97b8355d9b917c31f4146fb22a3861545bd35accb74836e108cad981b453a79c84089cd1083234c095417

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8910e1fe9e344b73a6f7f768f0de1977
SHA1 f75e24c79a10662e78d708f87f1fc57eb79010b5
SHA256 f23d14cecb0d1615cdf69103c5abbcbf558cbdb3c7b2e75a27a91140c34f7e8c
SHA512 7d1c5b73f291961dcadd73516589c9a0cef63988ee0d4b6c807a1dcdd5e81c045b5cbcea97a2e569369734aa1d989a1f0efe2bce000c31db6d4b33f1b7a4e510

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 765039ba5cce56f3dbebe1a39cdff7dc
SHA1 65cca73e93b0278eb34eb4d3b33bf6ea2acbdb46
SHA256 88447d173e7a083884b41bc398d0adb2b2b09a1bea91a1cc50bffd7169866ea1
SHA512 abcea250f29e7e778f7bbde5fe9b9baf001939ba1337e2e2b9138433e7ea282d5f0db078a93a735c6990c26a17aaee51c7fb059407c7c2d1adc7a30d50094ef1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0a68a70934a876926845b6287497ce27
SHA1 727117a8f7515cf86c0072f80c28f17cd46f03fa
SHA256 ac228fa24454bac447501dc8a0d9581a206ffd38d82e986c99f0c2d33382d14f
SHA512 b8f4a6ec3bbe1cb3a34eead3ba4708984372491afe88e379906cf37072e4c97d2884184ffeb99d62693bb4791d1c724a7a73ffdcccfe942d6bc6f52a64837cc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 01a4edea8283b75f5c88130546e10994
SHA1 d438fa7c97919e06835d8e43885734f1c6c0a6e0
SHA256 f4b073df1db3966f6cf518cbd5f233aa3139e09948a466fae5b9af5c34795f94
SHA512 7a0a22ac1bc653ba15cdebc817d5ffe7446362a082d235b43535949b394d16f53584fa852026b46592bac50f0b01e74c4a86ddee1da0ffa85ebf1b5bb9031c7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7ad602adbb9115629cc0d117731dac46
SHA1 3a58a48ebd309f98f71d1c5c5bb1464362a671d0
SHA256 040e9c9c51b3d2dfd04229bdf47536be5ac58b65f96cbefcf274ff7165315f5e
SHA512 dcbb5184f6d3b6e0ac3b1ec1cf2316023394d785d4215e6d41013ce7041073933a5d3be3229d730c7569bb043907b5937b6c2aa19b67099e886552e108e3dd39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ba9f008419cb3ac91b56c7ba8fe5e4a8
SHA1 d6e26b3795e188c73f68ed24df0432c944278431
SHA256 19da200fe1f8410e6fcf18b71c0316c02fa3ca255734f920cd880baac690e2ed
SHA512 78803b8ac8ca963e49f57598bccd6fe9a2513face7113df781a58c329a81cfcc5b0e4c10d8855c09926e17ea9afe7727d8a614baaf73cbedeebe7f46592f808f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5097fbcba8a77175ebee8680522c7378
SHA1 a95e6991488be1b53014db89774dd9272b38a5f9
SHA256 e8eec7aa914e346860599fee91034d599cdda61b35e6965eca684317aceebd43
SHA512 b3448e1750316415b2fe8d7f5a96368f09fda9cf6a6ca3ed5acd09344c956bc3f924b63e5ef0755a633c7c81ea2b7f41e1bb4cd38e9fc22a3159946dfc007ade

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5b08fcd279c5d061555440d8c0e7e916
SHA1 06e6cfbef081ae65dab5198e34a65d707a3af247
SHA256 6fd2f19de610069d6fd1ad4b1292a929514f8a2283c0c7804528a9f55056d83b
SHA512 c12852d0374bf62eed66c89abab03a505c4a4b129395a27d2dc7530430bd65fa46c89ec4f3d998bf00d18799ba95d164040321e1ae550a1e9eeb22c1f446c990

memory/7952-8288-0x000002841E9F0000-0x000002841EA12000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wy2wfqft.dcf.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d1c8b32d3d9faec609b423397bf707b5
SHA1 6226a97c10a462a3175fe587c9bc324b020e756c
SHA256 b2753a199dd2eac99223704b3436ed0d54b8357503e8b4995807fc1af0dd5500
SHA512 77695663969c5eb1b958330cb9f565e8f40257fd6fa8836d240e011e0d1f95872c6dbe97a914029663b244b8a98024b31bdabdbd25f4d2581f2ddbd897039cd6

memory/7952-8298-0x000002841EF20000-0x000002841EF66000-memory.dmp