Malware Analysis Report

2024-11-13 13:53

Sample ID 240918-h6jgtszanr
Target http://fortnite hacks
Tags
rhadamanthys discovery execution stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://fortnite hacks was found to be: Known bad.

Malicious Activity Summary

rhadamanthys discovery execution stealer

Suspicious use of NtCreateUserProcessOtherParentProcess

Rhadamanthys

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-18 07:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-18 07:20

Reported

2024-09-18 07:24

Platform

win10v2004-20240802-en

Max time kernel

211s

Max time network

212s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 460 created 2604 N/A C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe C:\Windows\system32\sihost.exe

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\openwith.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{58CAB6F0-62CC-408D-820A-396FD3A35EA5} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe N/A
N/A N/A C:\Windows\SysWOW64\openwith.exe N/A
N/A N/A C:\Windows\SysWOW64\openwith.exe N/A
N/A N/A C:\Windows\SysWOW64\openwith.exe N/A
N/A N/A C:\Windows\SysWOW64\openwith.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RG_Catalyst\launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3528 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 2656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 2656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fortnite hacks

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe746446f8,0x7ffe74644708,0x7ffe74644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f8 0x500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6204 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1

C:\Users\Admin\Downloads\RG_Catalyst\launcher.exe

"C:\Users\Admin\Downloads\RG_Catalyst\launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe"

C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe

C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault7eb9aa51h81f1h43d7h9015h647e3ab93fae

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe746446f8,0x7ffe74644708,0x7ffe74644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12123340677068003006,11828206615422346874,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12123340677068003006,11828206615422346874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 2.17.209.56:443 www.bing.com tcp
GB 2.17.209.56:443 www.bing.com tcp
US 8.8.8.8:53 56.209.17.2.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.143.146:443 th.bing.com tcp
GB 2.17.209.43:443 r.bing.com tcp
GB 2.17.209.43:443 r.bing.com tcp
GB 92.123.143.146:443 th.bing.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 146.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 43.209.17.2.in-addr.arpa udp
US 8.8.8.8:53 bing.com udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.68:443 login.microsoftonline.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 tse2.mm.bing.net udp
US 8.8.8.8:53 tse3.mm.bing.net udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.54:443 i.ytimg.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 54.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 216.58.204.65:443 yt3.ggpht.com tcp
GB 216.58.201.100:443 www.google.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 230.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 be.com udp
US 172.67.203.142:80 be.com tcp
US 172.67.203.142:80 be.com tcp
US 172.67.203.142:443 be.com tcp
US 8.8.8.8:53 www.be.com udp
US 8.8.8.8:53 ced-ns.sascdn.com udp
US 8.8.8.8:53 factory.reworldmedia.com udp
FR 91.220.85.233:443 factory.reworldmedia.com tcp
US 8.8.8.8:53 js.himediads.com udp
GB 88.221.134.88:443 ced-ns.sascdn.com tcp
US 8.8.8.8:53 sf.be.com udp
US 8.8.8.8:53 sf1.be.com udp
US 8.8.8.8:53 sf2.be.com udp
US 8.8.8.8:53 sf2.viepratique.fr udp
US 8.8.8.8:53 sf1.viepratique.fr udp
US 8.8.8.8:53 ads.rubiconproject.com udp
US 104.26.9.18:443 sf1.viepratique.fr tcp
US 104.26.8.18:443 sf1.viepratique.fr tcp
GB 23.215.239.190:443 ads.rubiconproject.com tcp
US 8.8.8.8:53 vjs.zencdn.net udp
US 151.101.130.217:443 vjs.zencdn.net tcp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 151.101.130.217:443 vjs.zencdn.net tcp
GB 142.250.200.2:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
GB 216.58.201.98:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 sdk.mrf.io udp
US 8.8.8.8:53 api.dmcdn.net udp
US 172.67.159.162:443 sdk.mrf.io tcp
US 8.8.8.8:53 s.w.org udp
GB 216.58.201.98:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 sdk.privacy-center.org udp
GB 108.156.46.24:443 api.dmcdn.net tcp
GB 13.224.222.87:443 sdk.privacy-center.org tcp
US 8.8.8.8:53 w.estat.com udp
FR 15.237.22.192:443 w.estat.com tcp
GB 216.58.201.100:443 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 implcit.afcdn.com udp
GB 142.250.179.227:443 www.google.co.uk tcp
GB 142.250.179.227:443 www.google.co.uk tcp
US 104.26.14.106:443 implcit.afcdn.com tcp
FR 15.237.22.192:443 w.estat.com tcp
US 8.8.8.8:53 www.wysistat.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 acdn.adnxs.com udp
FR 57.128.80.55:443 www.wysistat.com tcp
GB 157.240.221.16:443 connect.facebook.net tcp
US 151.101.65.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 233.85.220.91.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 18.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 18.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 217.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 24.46.156.108.in-addr.arpa udp
US 8.8.8.8:53 225.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 8.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 87.222.224.13.in-addr.arpa udp
US 8.8.8.8:53 162.159.67.172.in-addr.arpa udp
US 8.8.8.8:53 107.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.14.26.104.in-addr.arpa udp
GB 142.250.179.227:443 www.google.co.uk udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.210.212:443 ib.adnxs.com tcp
US 8.8.8.8:53 55.80.128.57.in-addr.arpa udp
US 8.8.8.8:53 16.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 212.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 events.newsroom.bi udp
FR 162.19.96.4:443 events.newsroom.bi tcp
FR 162.19.96.4:443 events.newsroom.bi tcp
FR 162.19.96.4:443 events.newsroom.bi tcp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
BE 74.125.133.84:443 accounts.google.com udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 4.96.19.162.in-addr.arpa udp
US 8.8.8.8:53 84.133.125.74.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-q4fzen7l.googlevideo.com udp
US 173.194.140.10:443 rr5---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.10:443 rr5---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.10:443 rr5---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.10:443 rr5---sn-q4fzen7l.googlevideo.com tcp
GB 216.58.201.100:443 www.google.com udp
US 8.8.8.8:53 10.140.194.173.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com udp
US 173.194.140.10:443 rr5---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.10:443 rr5---sn-q4fzen7l.googlevideo.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.238:443 consent.youtube.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
GB 142.250.200.54:443 i.ytimg.com udp
GB 216.58.204.65:443 yt3.ggpht.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.212.193:443 lh3.googleusercontent.com tcp
GB 216.58.212.193:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
GB 216.58.212.193:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 173.222.211.40:443 aefd.nelreports.net tcp
GB 173.222.211.40:443 aefd.nelreports.net tcp
US 8.8.8.8:53 40.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 rr1---sn-5hne6nsy.googlevideo.com udp
NL 172.217.132.102:443 rr1---sn-5hne6nsy.googlevideo.com tcp
NL 172.217.132.102:443 rr1---sn-5hne6nsy.googlevideo.com udp
US 8.8.8.8:53 102.132.217.172.in-addr.arpa udp
US 8.8.8.8:53 yt3.googleusercontent.com udp
GB 172.217.169.65:443 yt3.googleusercontent.com udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 tinyurl.com udp
US 104.17.112.233:443 tinyurl.com tcp
US 8.8.8.8:53 www.dropbox.com udp
GB 162.125.64.18:443 www.dropbox.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.64.125.162.in-addr.arpa udp
US 8.8.8.8:53 233.112.17.104.in-addr.arpa udp
US 8.8.8.8:53 ucfd083461bf6c511ffc3c20b8d1.dl.dropboxusercontent.com udp
GB 162.125.64.15:443 ucfd083461bf6c511ffc3c20b8d1.dl.dropboxusercontent.com tcp
US 8.8.8.8:53 15.64.125.162.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.17.209.59:443 th.bing.com tcp
US 8.8.8.8:53 59.209.17.2.in-addr.arpa udp
GB 173.222.211.40:443 aefd.nelreports.net udp
GB 142.250.187.206:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.111.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
GB 142.250.179.238:443 www.youtube.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dd2754d1bea40445984d65abee82b21
SHA1 4b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA512 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

\??\pipe\LOCAL\crashpad_3528_JLCFXIIDRCUULCLW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ecf7ca53c80b5245e35839009d12f866
SHA1 a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 65e16e78f6984354b823a85b2b1424f5
SHA1 8216dd5974731888e58515196fef594ac146b291
SHA256 2e55a0da9e11c0618cd42facd37b42dc04e3f3cf95c0554279e47a3d927d5f7c
SHA512 c63ada573a970aae7307b7eae5a6585b226db570d16cdf134e5e4c40bcc5c0e717239d23ab5c83ada63282c408038fcb5e0b8233cf8332ac5c4bfd68663c51d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5a802881ddfe7339f59480a152ebc09b
SHA1 85068601977133fad768aea670c9ab0f97605f25
SHA256 c21f559ff7070e39d63b05e317d4f5bb6a0cfac3c7b9a76640f29eb2ce0772c4
SHA512 60b254911b53e57de082ce449718eb05bc7f54c05dd441b36cec43162a8dd24426952cc23f95c2d7402c752a8d64ce8c62943c1f39b518098660927ebfa9cb12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2264718bb68558633ae7f6f6f3129b00
SHA1 5a7fd3a07ced71556da87316f806d9e235f78afc
SHA256 1bf6c0261430ee281edfe99d868b4559f527afbca856cfff1fd88b7c9034a353
SHA512 a72c5bf853f29e7e71ff9858c1585244ce4b1a7a00a9bb89e0bac9b2168704b8dc78d1c159cda782fda286a4a0af7b2ac690dc6920b1ed9a2329602c481ff7f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e8627be418f1f3486517db621a6f7f3f
SHA1 95755332e19e500aa933c5428aa072acca34b2e9
SHA256 71ce3439770237eb31c65f7c787b6c3e8f383c551e05e81d2f9de330927a5ce5
SHA512 935b76e143ce2082831572ad51c0b0ef58b4f35188f211846a62f84178871826ab439779e885bd1131cbc56d240f9eada03394ec60cf1483f4e4b60c06a67130

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6f299d5395c17f0242d0b6f61fe028f3
SHA1 9e0821ba4dd0273b2ba096dd7acf28433026590e
SHA256 8a8cad85e56a319e2f9e60e15c93dba4c2658d9e02e414f4443a76e7acb27802
SHA512 4ba9cbbc0766680c474e584fdb7e17aadfebaccae3b5aed51423495332fda30ca418ba08284444edb413087b1b3caed6ec2825525e4955871cff11c3ae8a117d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 a8afed32334a97c981a84a4bf47943ed
SHA1 a1f8e497fd647e83e644349ac6e9279ab682c1fb
SHA256 9cf7ee9a15b9834e641b441e62ef7ea407a6e854979acd2a0a2f7abafdfc13b8
SHA512 d4209b24d27a619c5bb83035ae3a0c6ca95e86dc0ae6f4bb0a90915d7144696f5328e283d37398956c46d3256ddcb9844d2f01c490c8f224469bf83a185d04a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fa74f0ec54adb880216ac7fb7a5a22c3
SHA1 20e262df21f49e48dc14f1c52448a6b14145b5ff
SHA256 855061ed20c4cca0fb4d40f6cf8d9d544661e6e09f0a11a50d32612b38d985da
SHA512 a607ee8b1756297c0759accd5d69c8084cf85cd8c4fa718b5c567efdaae31dcb79712e8a204d30cab470a225ab65475cc78668a07726e2fadb5199bec8e090cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c324e9a7421f1b17a4e52f0552553a92
SHA1 4ff1998135d2ae7e504e7ec21c955d11180138bb
SHA256 9dae5ec128d657712b4b2719ec3f4c97e5f8a614316630bf1fb5c657d92894b9
SHA512 53640669d27772c390b805000be40c732078850ced8434dd8a6c4a105a0d58a2db148098062da26d82984204a06e28d75f3bfa48eb0efe5ecaa766d174fec741

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4c0945f9cd3425f23b18a632dd19099d
SHA1 9674c45b6c1393c7296f08dbe50cf71420b41f3a
SHA256 871a22125ada1947db0d9b93696124666f66054116b8db33b3b6733971084730
SHA512 0a69031e5dd0e84cf52376953f751eab6772746f4b1c33a1951dcff2ee68b972ea19af8bc63f402c93fd107649af337334f0fb077452f24bc3b6328b083a8296

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e17d0aae60a9c48b0a229b8689e44f68
SHA1 105b169d9c79d9e9d694832b7cba64d035a2fae8
SHA256 9e4ef500e6cf3362db1a88f3b57d9941d02b9f5c7daaa59c2905634459386ddf
SHA512 d0868a6f9f0f26b79bad4830519288eee281fd628b9ffd632a8561577b75941a5825edb6755c212fdc1c9155a91164ffef7468dbbfb46d2bad79669360aa4bd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7bb7e0078bd80d67217536e1b8067fc0
SHA1 b51c730c3d9ff98cca0a4bd52c618ddee620af0c
SHA256 3fd03a6a45a5f8dd570a2928411a5987e0166153f6224963aeee25757618266b
SHA512 cfdf4d35f0f1f5144596d2951641b868298bcc83aa9992efcbb065a7f572152feb6b9a4fa22f0df115c453fbed5a12b96219a1b27be17380bb49890063643bee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58623f.TMP

MD5 f98817ec768684422040047a52db885a
SHA1 9c6481af0988dd0be4425735d43a0af75518cf8f
SHA256 40d53cbae70bf6169f94b6c744c12846b1fc2f37fe5b2505d5824417e9d9e8f6
SHA512 c5287b4eb9192ebd834d6d8b4b9e9ea9bf55bbba1d6f364dc59b6c7d2c0271d8080c3a2c1166d35fcfce92c61988bd0f8a05328a2c3ad2184ad9426bdd4e1f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 42a0ee4a10061aae074dc508b990b5b8
SHA1 ffafc86fe2936140e49e058939b4e60805e9c1e8
SHA256 edf2b6cbad0ddd523f37a588b544debd399fb0c8c073350a980fe68eaedbbc4b
SHA512 b67372b17ff2b02a9e7ba3b9897fcfe9dd3ca4fd5d59925017baa66083fd55556af55a7d60d0b2d8a17aefd323be2cc07bb3f5e076879c65d841c9d719e9f9bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3d6282b707c3350b3813eccb5130ae5c
SHA1 392b3e0d14f598aea4b434e4f07aca1e29f2bc24
SHA256 0493cd9e74bbfb8fd7824f781c62e54156f8b0f9a54255f72c7eb2372f04d5e2
SHA512 1480551f0a4778e98a82ac755160e74a7a8794cffad4a4b99d062f00b4dea16044db52e1c65bfb9d2f93290433aebc572c411c6bee9123d0544d9f2d469e4c08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a515.TMP

MD5 82700e87674913609e68c903b045fc17
SHA1 5aee46a7ec40ea46e47c119bf23b4a68e1d392b8
SHA256 cb9bc4100c76f0481d2ca3ff81e1e2466780a8afeaaa56018f5178a81eda04f7
SHA512 a0fc2b13cb7ff80d997af2ed35819bbb1d00300a499641f05e4381a39c2c281ec6b72a7321ceb2bf684a3adbe1086b460a975638eb4441bcb0619e7af0095fc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 548b5555f6889fda54406069e7963d53
SHA1 787fcc3b61b065bd4b408350f56b07b4244745d0
SHA256 a3f7b00da2a1d67e2c9a8cf828c531c2102435d7abf4fb9d12df6ea5c7fd6f15
SHA512 a214500e94d6792bfeca7a899d919280028956550c1c2805ea838cb0e6a3fde607c83e021de3ae296ea1bae2896c0e3aa9b52d45369fb39fb63fcf506e4072d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4fea375c0ebd7cdb5ab6aa82893facae
SHA1 0f2f6e5b646d7254cab8f77cffdd82bca45cfcff
SHA256 e4d8f7a700adb104d3eab82b3c73cc73fa615268d2f2e8e34e8c69ad51dce761
SHA512 69cae15ca879e037de25f374060607251a7a1b2d21d765072343666820415bd1af96ba811cf341975f1e3a7200720ac351f95a6b8319043ead20e2f7f142f9ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bd700a20dd183f38ed7195ede97aedb6
SHA1 cbfb67586d6877f5354994041babe928de5c29f9
SHA256 b6dc6086cc5ad64dc438116d703285dfabf025273dab0269bcbebe2344c76928
SHA512 df32365bf0e09e03a67b0a05be69b84a8e12140f578b9a16a46c6aa0777638d4b172e0e0bdf94785a2025b71adb84fc5f19392c5f99446999a9fde40b0b1c1e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\90e64c92-5ddc-49b3-86a0-76ba677c2edf\index-dir\the-real-index~RFe58d32a.TMP

MD5 1ca78a0ad747340117e879c1a450b5b3
SHA1 b4d0b2fb3603a218688b67b9c032cf4536dea3dd
SHA256 54b07e6f7f36d36f629186bb7f35f4e1a9c194bef351976fd4ad85ab2de4872a
SHA512 3c1efdf505b0a1cce092ef1f2c1c7be0907437346a1eb0f81a8667a3c35fc26d222ded87a5dd3d620c7f58d8b23604122dd84988c662440d0c260ef3be35bc4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\90e64c92-5ddc-49b3-86a0-76ba677c2edf\index-dir\the-real-index

MD5 13870318e22e4e227ae99323f19a6911
SHA1 75f48ec13004b1cbc61022520583da173678a6e1
SHA256 089cff6d45217b496cb265a8c1eebd5ed21b53d6b9b7e0caa525804a2a867503
SHA512 cea6147769039d0d2dccd02e5525151679ce061d0649761dbf8523b396ffb4899019c426ae24cd0a8d78b60763fed4547e98fa5310715711732e860e5fdd0879

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 44864f70d15a9361715ac45fc56fda59
SHA1 973be2115718a97a4e172c4fa1b7c133a6813b82
SHA256 649c5eda2b06862b52e1108e6fb23ea9118bed0c7f01d55947277f1de6b71df8
SHA512 5cafddfd702936c755444b5c8dd35d164e3111889ed00fff6cdbf28b6095e789147ca695b08558a7e34a98ab4f8bfee0198f9fd3bb835ff4e0381fad0b032a47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bfcff8d676aae78bb8c7a2c12cb56297
SHA1 3bbc0de27cde9c968fd22d2d9e4ad25159f5316a
SHA256 0d03e4776192ad99f6944839a816ae4a9080b1262ff8f06aaf90b09d5853cba9
SHA512 0aa7b14251dbbb42ec6c2f7ac5b19d089a56246b98d578743f4154f9736fb6134dcce5a384b44b1a04dd32435f70d0c972bf6b172fab7bf1c5fe4427eeca340b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 366ba33719b4e7110f6a0e3ed3b632d4
SHA1 af4093b6f393a29ca906efb097806dbc87697ece
SHA256 fe0d49a6af7975d1a509b1abda9f2df76a357a3631edf99961e43ff33e9ca7ff
SHA512 25529408f15a7de0258ed6beb58fbc8590aa07c7e00ffc910e486f5c64e677d4f8af77208e53fa3067843b131425d01cfc0bd0d9a98154f4d0f62f7019647f6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\90e64c92-5ddc-49b3-86a0-76ba677c2edf\index-dir\the-real-index

MD5 9a137535d4389ff76d65dcfe4ac0abf0
SHA1 a9f0bdc558796f05b5c4518cfb403575ee142244
SHA256 74d5d64cdc2174a06da447ae41679419f8c4a59146d4c127c8bedad06d5ecae7
SHA512 8b5eaf615d6a586e4ce374ffc622e3242df5e7ff219b2edd901795fad05617b34c27c95db626cce7dd5fd91a600074877d60b68d41c91b6a8af8eac069db85ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

MD5 82ce322cb795d0541aff1415663eeff1
SHA1 35f8f6380eb9781ac95666c091a8aafa716d5cb4
SHA256 e7e9355c77474a49bbb2002b0689f0e6ea1f0bf048f3b4920c527a41e8e45c44
SHA512 085d12c94d3b3ea9ffe76379599450ace85283703ad9e87dbe359ab0a8985e7de2c9a1d918ba57dcbb0adc52ca50b16eead76b6bdec39028609e2c180068d826

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 6cb3fed5949d3859f21ee24eb9a6a19f
SHA1 a0c69b261b542c41ea437c0de03c983eceecbe5d
SHA256 be74ddead342819fb558ce64a016824b5fbf6420ff3c22fbf190b7f4c517da93
SHA512 dab2b5a2c86978d9b6595e35f0545f8a683a46450d0769dc4b043ae1f44671e994a122793303a346dcdaaedf33969d004e2d2737757198cfc71ea85996a03d0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f0edf80dcab6d31c6b0bb157a86ca918
SHA1 a681ea22b3e325732ca92274579be6bf9048a4b6
SHA256 a1c6efe5122561570fdd1b383a7e84ed094d10239f9812eb0b93fbb3a9e0ee8d
SHA512 81b29a201e726ca0cada4859e67359a42c5de24963830e14097d837fff515db4ef010d83e1f72ed73d36400068d49baee70228c3a335e746261472dc62177f48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 58756d99d2376dcfbede6057dd25a745
SHA1 76f81b96664cd8863210bb03cc75012eaae96320
SHA256 f5d0da7b010b28a7fe2c314724a966c44068a8c8fa7e9a495e1284aa501067fa
SHA512 476e35c3da0cf223e773c2d26403c12f8c8d034273cca9e3c4cba9359f8506159c2a5267793c8bd9982b636191ddda62e9119593f5599053894c7027a58acc10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 4308671e9d218f479c8810d2c04ea6c6
SHA1 dd3686818bc62f93c6ab0190ed611031f97fdfcf
SHA256 5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a
SHA512 5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 546dc33178c5d6dfd147eb524c028527
SHA1 d9b762ece8f3327c4b994b17c4019e902a7d34aa
SHA256 1fe73deca2752c5bbd64bf30d3a2957781d63a9d8b1f85d36ac15b24cdc1e64f
SHA512 d5fddb38abf73e283cf43d2a94d26174095047e942e5e867cc1bcf6150adf871d15fdca0c24ad29df5107c3779cd85b773070a105045aa46cacea98c804b7735

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 86d95dd4e9dae5ac15822c6280fd1ff5
SHA1 188258075f78716e7a19eedefc6a295220e95df7
SHA256 7a38db88e734f3ff40208c347269bf17e79d63a63c4e87c2d6b52ce9af06f57c
SHA512 a916701eb1497e30102e5a7bf7ddf9a4a87ef238c5af11904cda92edafde94f749a07a89705e0579153dc65dabefef1d99a7c65468f27fe192c4092358326c30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ea01644fb84412d57071b9324126da7e
SHA1 fabe5bf25894858f697ce25137e439b5874bafa8
SHA256 9c9d4ae4c18675bca267aad4eba1b830ec2c429c88692936999e7da65147be5c
SHA512 39f86642ba96371fe84b8735d86dfb6c0b22e7945265792ff152682495fdc8f67d8e8c76325d1ee9607be843efc151ff67fb4729e7577094b0df6e3cb06e8927

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c2aa0123d9d88b4459345ca3721437f2
SHA1 24302b93da0933c5824ba48b9b8cdbf1d17a31eb
SHA256 7819103588b5c4bc91eb9c4b830235194a639f1d83980dc5d7cb7b46a3300394
SHA512 3fb4f3fb66911f587fe8c3227f2f8781cc0ce4e59d74c9605a1a7343f199b70ea5918bf1b78996616dea50720a91de0a03a4a1a633f708955797908a93398d22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 847c59f26be0908667efe14b77cab58c
SHA1 ec8c30d3daa70dfab150f0c8792954dddd4ee7b0
SHA256 d528bf8e42430b1cf41afbf5d85b120c207a530995148681f04d530afdeb342f
SHA512 279f39b0b34d9a2b8aa24c2f264ba5738d4b768d1a788647e5b8b2b9ff51b2fab1392afe3a2bf6513217f1220589928ee4ccb53b1d2f07203a7a62535d04ad33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7aa849679c5db59bfe6c71ce7d63f629
SHA1 01910e1bd7225f22a6fd2a75e85ae908d5699d0a
SHA256 492bc31258b29cd8183da12e10f53ae401bab6af66359343780b5ebdad1aa835
SHA512 b15ae4a749e4765c9a578e204ce01d234f4a26c5b0645f77d558b00e9b8e0243d4dc761f60b87fec05c64468d4b6c9c3b4cf30c5bd58c97403ded91a2f913ce6

memory/3116-1291-0x0000021278770000-0x0000021278792000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_iybfe5rb.unu.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe

MD5 588a46f868c4f4dac5b9b255f2584362
SHA1 f6b4502c0abe6f2ba66cf98b84a90dae89efcd97
SHA256 c396b25bf0b7ad349be220d1e1a78604eb1f83b6c42776c53cbb93155ef57a15
SHA512 ea1294e53bf6aee1266de52d38f40be8689f0f8056a43cba04c57c63b7640f9e1b84e1431e79d838b8a9d61956b1044e730b58883882a71e5f02ff477b17972a

memory/460-1307-0x0000000000410000-0x0000000000945000-memory.dmp

memory/460-1309-0x0000000001000000-0x0000000001001000-memory.dmp

memory/460-1310-0x0000000000410000-0x0000000000945000-memory.dmp

memory/460-1311-0x0000000003BB0000-0x0000000003FB0000-memory.dmp

memory/460-1312-0x0000000003BB0000-0x0000000003FB0000-memory.dmp

memory/460-1313-0x00007FFE83050000-0x00007FFE83245000-memory.dmp

memory/460-1315-0x0000000075C40000-0x0000000075E55000-memory.dmp

memory/1784-1316-0x00000000009A0000-0x00000000009A9000-memory.dmp

memory/460-1317-0x0000000000410000-0x0000000000945000-memory.dmp

memory/1784-1319-0x00000000027F0000-0x0000000002BF0000-memory.dmp

memory/1784-1320-0x00007FFE83050000-0x00007FFE83245000-memory.dmp

memory/1784-1322-0x0000000075C40000-0x0000000075E55000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a078fb69afcd2b551362f817ff88b752
SHA1 84fcb9a8772baca90d25c468047562a7fbbbfbfa
SHA256 f8ff681036f889051f2acbf41dc234b26335bcf3e4242ca8c24486b82cbf00b9
SHA512 4a32b4edcc1182f322ab733c83b30e9eb66d02bb12c82bace53277069450f046344ad572fe30576c086d842b0992f44f5dd72e9567d3e7ceca7d99c4df6e60a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 703a4c9bf0be66204a4a0f931256d163
SHA1 98e92b4acf747aea907669899bc295c880a99a5c
SHA256 aa9fb1daa075397b48eb8bd839f4f8076513242fe71642153faba28714af3e98
SHA512 a7a7a96997d0fe76ee19a73dc5043f1450938a8906a7d413d5e61546c36b141f147d01309e12e791fb7abaf06b550c0cd1eaf317552b6760a2f9184f6d197a3e