Malware Analysis Report

2025-01-02 05:16

Sample ID: 231111-cs5j9afg47
Target: 8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b
SHA256: 8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b
Tags: mystic redline taiga infostealer persistence stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b

Threat Level: Known bad

The file 8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

Mystic

RedLine payload

RedLine

Detect Mystic stealer payload

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 02:21

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 02:21

Reported

2023-11-11 02:25

Platform

win10v2004-20231023-en

Max time kernel

199s

Max time network

202s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b.exe"

Signatures

Detect Mystic stealer payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\St3FX01.exe N/A

AutoIT Executable

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5032 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\St3FX01.exe
PID 2184 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\St3FX01.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe
PID 2056 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2056 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2056 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2056 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2056 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2056 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2056 wrote to memory of 4092 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2056 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2056 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2056 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4024 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1516 wrote to memory of 2692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4092 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4892 wrote to memory of 4656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3372 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\St3FX01.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JK8173.exe
PID 4788 wrote to memory of 5484 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JK8173.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3828 wrote to memory of 5844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b.exe

"C:\Users\Admin\AppData\Local\Temp\8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\St3FX01.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\St3FX01.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x13c,0x170,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JK8173.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JK8173.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17854648917854004303,1676894217722503669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,3328960251432911309,17226370569059211946,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17854648917854004303,1676894217722503669,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,13218261192906753097,10451771638398150661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,18018481781736533034,5458002315968924817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,13218261192906753097,10451771638398150661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13104756846072646627,6522750811149198073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,1309110048429547625,9383463848562010292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9582348606883125775,7644132924658526709,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8189772015992859287,16618023103039153671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14413856281131104226,224962346440790426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,3328960251432911309,17226370569059211946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8885517875737529602,4570816504638589251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,14413856281131104226,224962346440790426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,8189772015992859287,16618023103039153671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9582348606883125775,7644132924658526709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1792,1309110048429547625,9383463848562010292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13104756846072646627,6522750811149198073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,18018481781736533034,5458002315968924817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,8885517875737529602,4570816504638589251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17854648917854004303,1676894217722503669,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3lm94fi.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3lm94fi.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5484 -ip 5484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 540

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp
US 8.8.8.8:53 126.21.238.8.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\St3FX01.exe

MD5 ebd283624322ff81ec7fe3c2e6e0ba39
SHA1 0dc2b9bc52aafb942221408377e075feaaceabc3
SHA256 ea909b6754d5985029c59ab76157da77d0e1e8c7ca1663c26af8cc714df784c6
SHA512 fed1e6e7273ffb15010f2a3c80252298ce4c65f582090e5c59688005d7958deb592040fa62c33e6991d17e8e4e51f6399cb5b3a777cdc7ea136d9710753a921c

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe

MD5 7af3481fcaf913f1c7ca5be953777692
SHA1 7190fb8a7cc0a2fb557a61862527a0c6ef73601a
SHA256 8a76159e3f32a9ace8637bb1afe6cc286dd0480a6e8c483086c6400ac78b61ca
SHA512 5f570bb5f97e7bf857948082c58fc2a94fca7449483d90270f9df2b7bba1e6c121991bf124b6141f92b0e057e948b0803eae1fea86acb86ce165077aa4c4a56f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ed1059501887ca58bf7183147bc7e9bd
SHA1 2f3fae395180943a637a4ae1d3a4b374b5a13a42
SHA256 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89
SHA512 d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JK8173.exe

MD5 add9c2ed18040005fc24ba1df3a65d50
SHA1 5bfc7bace88d3cb5fc38a8fbac602b502f4fb5c1
SHA256 b233c6c843df05010bbf39b2f1324bbece3156f501cb41eb8cec218cb3d37570
SHA512 377c7363a47795284c0e7ca9db0bba805fdbb02f847d61d66aa4269baee9d69031ad50c450fb46d9b8d4a79acb613ee271bf22f9c204d2d20cf3bc35163f730b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

\??\pipe\LOCAL\crashpad_3836_DTEEBNEKUARAOFVX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3828_GBGZEDKCQFNRSIIB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1516_OZZCSPHUGUURECOZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4892_ZMEMTCVAOMDGXNHC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4024_LJAWJJKNKFBEJYVT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/5484-122-0x0000000000400000-0x0000000000433000-memory.dmp

\??\pipe\LOCAL\crashpad_4092_ELTNYUNKKJUEXBDQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3372_SUJRRZCVRNRMBPQL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1412_VXGOTQNIGIXWGBKC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/5484-129-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5484-126-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5484-132-0x0000000000400000-0x0000000000433000-memory.dmp

\??\pipe\LOCAL\crashpad_4260_POPSUPQOKJMZBADI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1232_MAAXYIBKILPILXRZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3lm94fi.exe

MD5 dcca66c9de49d1b378eeaca6cd7f64f7
SHA1 268864a238705ec1bba90ef7380880818ab4bb73
SHA256 8f57ce9a4b5177f85ef2ea923dd92f519b5260b7a9f012c275e42ca5d42de5ae
SHA512 674caa90eb43f8f8843ce976a250a22ccc14b628854edb674cd28ec9cfd4a95760fcbbdb2e11bb41e21169fda49ab78398f8bab03bf1a67a2a1f615426048f17

memory/4360-176-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 397dfff9c98afc8d3bdb336355076564
SHA1 cd2cecd2f50f9ea01821a49ac87b397a236aca70
SHA256 35b3b63072f8948d16db7fac676dfe90022268bf9e064894a0da11ff21e6124d
SHA512 cd0683b9d4fc2798917fa1cceaf612619b82e0862f26382f85cd244b16f68c6f213eb36342c46a334df17054d1de6017f2c9685ae0768c8748bceccc5ac4a8eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4c3f3d4a-41d1-4d5e-bb55-7363985cdb86.tmp

MD5 d0a6a966d9ee932e984eb5b6c9ad8286
SHA1 002907aefa3c193d7ec7d4c7867f5e4599d28316
SHA256 50c9e64b2f9812dcdafa4c12c731d372e0bdcf93ce1585ed7c9e296ef946bf39
SHA512 bd5660bda8ffe473c1e975c6005cda7b68cc841e9d71705574882cfcc0979bc6ffbfc34806b4a279c6096a4df9616ea7d52752f53aceb1c79e570b3cf151cefe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\75d6a0eb-1eec-4ff3-8bff-e9ab3c72b6eb.tmp

MD5 5f0129e26e1c24702f863eede1fa096b
SHA1 e3d491c8ff4816e91873caeb0c49585f931d8d91
SHA256 767890caca6e16c7ad24fabcba4da994d5dc1b82627ed50c8f53eae5b477566c
SHA512 080d58ed13b57c3ad5e6b0656973e2f47fb7eb4e5a99bf993263da68bf0e4e6df1f9123c4463d4b8c1585c7f5b66e90c79a0c2617a072fcfe045ba5f9a4dd934

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6849ee8f-af76-4076-9e77-47f1573fee51.tmp

MD5 b23be92a9cac27f3ab3e451c70be20f4
SHA1 351623845a8323d0280694583a88fef689684045
SHA256 096988f9cc20e2d991dce4fc1aa7d8c12d651ec56ceb5ba0f64a7e245ece9863
SHA512 84e2d09aa6948cde94c298262b0f2b77d19a2c25e59c4653f1313d64676c844d734e59f0081cb04e68ec9c334be8a1634a2de77b20dd01585fe5dfbd79ea88be