Malware Analysis Report

2025-01-02 05:16

Sample ID 231111-dcf3dsfg8x
Target 6b146d635854b0e97d77d3e417cca3858ea2ea271cb4c239ca41afd26c1f170c
SHA256 6b146d635854b0e97d77d3e417cca3858ea2ea271cb4c239ca41afd26c1f170c
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6b146d635854b0e97d77d3e417cca3858ea2ea271cb4c239ca41afd26c1f170c

Threat Level: Known bad

The file 6b146d635854b0e97d77d3e417cca3858ea2ea271cb4c239ca41afd26c1f170c was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

Detect Mystic stealer payload

RedLine

RedLine payload

Mystic

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 02:51

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 02:51

Reported

2023-11-11 02:54

Platform

win10v2004-20231023-en

Max time kernel

161s

Max time network

177s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b146d635854b0e97d77d3e417cca3858ea2ea271cb4c239ca41afd26c1f170c.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\6b146d635854b0e97d77d3e417cca3858ea2ea271cb4c239ca41afd26c1f170c.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4500 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\6b146d635854b0e97d77d3e417cca3858ea2ea271cb4c239ca41afd26c1f170c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe
PID 4500 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\6b146d635854b0e97d77d3e417cca3858ea2ea271cb4c239ca41afd26c1f170c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe
PID 4500 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\6b146d635854b0e97d77d3e417cca3858ea2ea271cb4c239ca41afd26c1f170c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe
PID 4624 wrote to memory of 724 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe
PID 4624 wrote to memory of 724 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe
PID 4624 wrote to memory of 724 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe
PID 724 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe
PID 724 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe
PID 724 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe
PID 4860 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 3256 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 3256 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4948 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1068 wrote to memory of 3088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1068 wrote to memory of 3088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3256 wrote to memory of 4852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2276 wrote to memory of 3068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2276 wrote to memory of 3068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 3480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 3480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1464 wrote to memory of 3316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1464 wrote to memory of 3316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1060 wrote to memory of 2808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1060 wrote to memory of 2808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2588 wrote to memory of 1228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2588 wrote to memory of 1228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 724 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe
PID 724 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe
PID 724 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe
PID 3540 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3540 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3540 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3540 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3540 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3540 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3540 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3540 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3540 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3540 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4624 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5iV25jb.exe
PID 4624 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5iV25jb.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6b146d635854b0e97d77d3e417cca3858ea2ea271cb4c239ca41afd26c1f170c.exe

"C:\Users\Admin\AppData\Local\Temp\6b146d635854b0e97d77d3e417cca3858ea2ea271cb4c239ca41afd26c1f170c.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb473146f8,0x7ffb47314708,0x7ffb47314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ffb473146f8,0x7ffb47314708,0x7ffb47314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb473146f8,0x7ffb47314708,0x7ffb47314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x40,0x7ffb473146f8,0x7ffb47314708,0x7ffb47314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb473146f8,0x7ffb47314708,0x7ffb47314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb473146f8,0x7ffb47314708,0x7ffb47314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb473146f8,0x7ffb47314708,0x7ffb47314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb473146f8,0x7ffb47314708,0x7ffb47314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x8c,0x7ffb473146f8,0x7ffb47314708,0x7ffb47314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb473146f8,0x7ffb47314708,0x7ffb47314718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2584 -ip 2584

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5iV25jb.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5iV25jb.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3714734856865474546,3261426705845137515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3714734856865474546,3261426705845137515,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6102041570350939812,7767393632420376793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3525625921023277264,2619096046830570831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15143630043606904979,12113374360894435463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,6102041570350939812,7767393632420376793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10140241530728470339,4088380746661715104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10140241530728470339,4088380746661715104,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15143630043606904979,12113374360894435463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,11552299386884096593,14528040705624319932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11552299386884096593,14528040705624319932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3525625921023277264,2619096046830570831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,3593841522594339657,13722496919499118352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14651679363028209912,6464999376310526792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17498214824443260985,9961094255331493611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3593841522594339657,13722496919499118352,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14651679363028209912,6464999376310526792,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17498214824443260985,9961094255331493611,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15812568346704977984,16687420294527056697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Ew765.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Ew765.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 44.208.156.246:443 www.epicgames.com tcp
US 44.208.156.246:443 www.epicgames.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 246.156.208.44.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 twitter.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe

MD5 19142bc741b90d3e0eaa017b6ef4be88
SHA1 aa642ac154bb888848f5bb6faa0790f5eb09d696
SHA256 87c66736dc0e2030a2d9cbc3c471a4755b28c3a3a657df546e5c85b4f615e916
SHA512 63a514d2865f3c49599b180b04cfd89f871786b2fd7f2b920999a69ccb8547c4ac437f8439f9fcc132764bf45c16602707d86bec4a6a11e894725122786d2b6b

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ii2Zz73.exe

MD5 19142bc741b90d3e0eaa017b6ef4be88
SHA1 aa642ac154bb888848f5bb6faa0790f5eb09d696
SHA256 87c66736dc0e2030a2d9cbc3c471a4755b28c3a3a657df546e5c85b4f615e916
SHA512 63a514d2865f3c49599b180b04cfd89f871786b2fd7f2b920999a69ccb8547c4ac437f8439f9fcc132764bf45c16602707d86bec4a6a11e894725122786d2b6b

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe

MD5 e9f132653ec4fbd3113fe0cd6e9192a1
SHA1 8dc13120cf5ea0d3c618276eba595d6c48db83c5
SHA256 2f22c44c0ade85d5b883d51515bea43e6d5c5a19b7a7f5fd9cc1181c8b44db58
SHA512 0f5d81e9be38e5dfa7012c4c5ff15d4a762e1d5d25b4f5d1ef2f7d45980d20a209b6fe194f2732fd2f19d9e1d74004f5df68cdc7a5a3de65480c06a4bd7588cf

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Dy8DU01.exe

MD5 e9f132653ec4fbd3113fe0cd6e9192a1
SHA1 8dc13120cf5ea0d3c618276eba595d6c48db83c5
SHA256 2f22c44c0ade85d5b883d51515bea43e6d5c5a19b7a7f5fd9cc1181c8b44db58
SHA512 0f5d81e9be38e5dfa7012c4c5ff15d4a762e1d5d25b4f5d1ef2f7d45980d20a209b6fe194f2732fd2f19d9e1d74004f5df68cdc7a5a3de65480c06a4bd7588cf

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe

MD5 9ba006420e5c40c45261a4e44dcbd782
SHA1 3e2b5ae879d570bd2923bf997a0697148a8deb71
SHA256 ba07126e4c266beca67abb6d5ce1889d07805b00cdd7fb718e82ac542320549b
SHA512 99d2537dee051092c0330471aca244c1c46dd210b29d89af53fe16a83b27fee2ac75c79f0e83dbba7fca445afd5459e4d3535eb73fdbd08ef84da628dbe72589

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Uy172WP.exe

MD5 9ba006420e5c40c45261a4e44dcbd782
SHA1 3e2b5ae879d570bd2923bf997a0697148a8deb71
SHA256 ba07126e4c266beca67abb6d5ce1889d07805b00cdd7fb718e82ac542320549b
SHA512 99d2537dee051092c0330471aca244c1c46dd210b29d89af53fe16a83b27fee2ac75c79f0e83dbba7fca445afd5459e4d3535eb73fdbd08ef84da628dbe72589

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe

MD5 ca0c484d5e9bfebeb088e7d9f50d5ead
SHA1 c18f2d3847825952ce72cd6250045d045e56eabb
SHA256 e2aa1829e9567651481dd9d698e9d2619c7b31ea29bb82b6b0c2510163a272bb
SHA512 5e876ea1d66ce1fca7c208a128d1eba589e48360eab542239cafc8985b169c33dc0b6c243655c39a90e9992f4d7532ab32a8120348481f56f8181deb254e6b8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ul5Az2.exe

MD5 ca0c484d5e9bfebeb088e7d9f50d5ead
SHA1 c18f2d3847825952ce72cd6250045d045e56eabb
SHA256 e2aa1829e9567651481dd9d698e9d2619c7b31ea29bb82b6b0c2510163a272bb
SHA512 5e876ea1d66ce1fca7c208a128d1eba589e48360eab542239cafc8985b169c33dc0b6c243655c39a90e9992f4d7532ab32a8120348481f56f8181deb254e6b8e

memory/2584-43-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2584-44-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2584-45-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2584-47-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5iV25jb.exe

MD5 70ee0fa557ae2095ba8359fa0075a745
SHA1 436ac183973ceb91f12b63cf08ac0a27cfa0606a
SHA256 59fcc52a737cd933f1468eef7a1db7f52560212dc1fcbf01cf09899acaf1f7bd
SHA512 c892a9e6bc9e300aceef740bcd406461e47fdc6c20aee7f62e74ca99f19cab1f88392aa35179bb9029a56426dffcdc47dbf1c167d57490b0462e6ca43200da8b

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5iV25jb.exe

MD5 70ee0fa557ae2095ba8359fa0075a745
SHA1 436ac183973ceb91f12b63cf08ac0a27cfa0606a
SHA256 59fcc52a737cd933f1468eef7a1db7f52560212dc1fcbf01cf09899acaf1f7bd
SHA512 c892a9e6bc9e300aceef740bcd406461e47fdc6c20aee7f62e74ca99f19cab1f88392aa35179bb9029a56426dffcdc47dbf1c167d57490b0462e6ca43200da8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_1464_LIUQEJKECETRNELV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_5004_UZINZTOUKWYWNAAQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_1060_ZRSRMBCPIDYDRSWB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2276_QNHHPKMWQRCNEGOC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2588_OZYTYCSTJHVUNHZN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_652_KAVOOWWISLKRMMVK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4948_ZQZXHQJVRRIUNAOU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4808_WIKLTMOYKXMWNOIK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3256_TGWRZKZSXNFRFIXR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1068_QHIJNPYQGAOUYRTS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\074f0e58-3670-4912-8ef3-ce97488f5802.tmp

MD5 ae001096991762e0e2f2f55ecc2786bc
SHA1 6fa9b9ae30c95dea12e177dabb7ddd0f5e6b038e
SHA256 e3a61bde030a953165fa029bc40e14cb06110140fe84afc939d95ec8eeeccce6
SHA512 1946909a38528b19f205e2169234ee993b097030e6dc7efed94cd187e3d14bfc35947a0731d2494162212f508f302133b844a225f2134466bbfb65abb897395a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7e4ee4b2-2ba6-48f5-a20a-fe3bdf8d1918.tmp

MD5 aa099f16f680f7958bbf2900b1d180d5
SHA1 c46155b3f157eeb0add959eaabf85d78f06b5f01
SHA256 d8e34077eaa1fbd84caa39dba4ea8eebdeb623d8cea8539d48a5dcf829784e00
SHA512 2d921d06d9dc1a626503ac2892979bee6f0b48a208f21cbe80822ca2e0aad7ec0619b0f5a04e56eb5f769494d2e0ce2e4f2ec710bdeb52b8d730cf3419ee82f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dc6b702d060ece0f991d4ece5094d8da
SHA1 0210ffa30ba8044e4ce3dbc7ddc4662eda70e89e
SHA256 a5f693af5b482357cfaa6a686dec7646295d1b04e3fe1cf352540db72a9f9bee
SHA512 286bfcd35afff5dc2b4c35189360d5f3408bc502179ce0e55c426be527644dbcf5b996195e85ab7f0643efb4a8cc3fd5997d8391e744ca5481141b7292183dbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dc6b702d060ece0f991d4ece5094d8da
SHA1 0210ffa30ba8044e4ce3dbc7ddc4662eda70e89e
SHA256 a5f693af5b482357cfaa6a686dec7646295d1b04e3fe1cf352540db72a9f9bee
SHA512 286bfcd35afff5dc2b4c35189360d5f3408bc502179ce0e55c426be527644dbcf5b996195e85ab7f0643efb4a8cc3fd5997d8391e744ca5481141b7292183dbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f67e32ab-979b-4aea-bdbf-740226144d58.tmp

MD5 fd979ac4a15931e5b43e7f266df13f30
SHA1 06344951bcfa4e01719aabd9254ba14ed60c7967
SHA256 4814e06aee437ea7127aa5521095e73bb68bbe4906bc275a48898fc8b127c2b3
SHA512 ea8104f30713e20fd8141b984041db965740fd7059452750fdf3bc6e343689a974f99a5e3a63df64761d084012b17455b17f67e1d55098c49626520425d79ca1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1103b24e54d55a9674f010d1812a37cc
SHA1 ad78365959e335ead44d944cf6b0b3b3c7717f79
SHA256 34951fa78694224178e16324822ff5c56f545d70e12f875a391f2104b5525639
SHA512 e5f437d3bda115f15d02f5225b51076008b185906a2f59d99964d1d283770a5f2b29a441e36d65ec6ae71c20bd67134f07901fa60408dba2f1a21d1adadead04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8233bd65-c4ed-4627-8af5-8fad93630869.tmp

MD5 25897e122682049bd0d90fa3c48bdb0b
SHA1 2be5e9584a3db009d429b8873dcb83e64c57a31f
SHA256 6e43dd7761c373d7d564639af03fdbf9c12d3fc9d3efd223e147bfa7f7858098
SHA512 75562fc6736ae30e6308a0f88ccdea556ab04c405cefc649a74634a3b4c61a7c620f239eacd6a153c166fa2aac64ae73931f98d5d768e80c9f628f2b1ee930d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1103b24e54d55a9674f010d1812a37cc
SHA1 ad78365959e335ead44d944cf6b0b3b3c7717f79
SHA256 34951fa78694224178e16324822ff5c56f545d70e12f875a391f2104b5525639
SHA512 e5f437d3bda115f15d02f5225b51076008b185906a2f59d99964d1d283770a5f2b29a441e36d65ec6ae71c20bd67134f07901fa60408dba2f1a21d1adadead04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 46123b2d62b3e4608f65c60df333807d
SHA1 54104f8829d77e43152aab59f163e539a38c65d3
SHA256 8872eaa01115a061a592bd59390e5e4801d506951ec0b89b8c34531f4766c268
SHA512 5fc5cc8d7a16a061acbd0fd2ec8b1acccc6a3d74ccc7f159c3365e712aa0d8e5243813d3643da641dd82f6c63f1aa0ef778989d315b28415f236a3223e6180f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 46123b2d62b3e4608f65c60df333807d
SHA1 54104f8829d77e43152aab59f163e539a38c65d3
SHA256 8872eaa01115a061a592bd59390e5e4801d506951ec0b89b8c34531f4766c268
SHA512 5fc5cc8d7a16a061acbd0fd2ec8b1acccc6a3d74ccc7f159c3365e712aa0d8e5243813d3643da641dd82f6c63f1aa0ef778989d315b28415f236a3223e6180f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 25897e122682049bd0d90fa3c48bdb0b
SHA1 2be5e9584a3db009d429b8873dcb83e64c57a31f
SHA256 6e43dd7761c373d7d564639af03fdbf9c12d3fc9d3efd223e147bfa7f7858098
SHA512 75562fc6736ae30e6308a0f88ccdea556ab04c405cefc649a74634a3b4c61a7c620f239eacd6a153c166fa2aac64ae73931f98d5d768e80c9f628f2b1ee930d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aa099f16f680f7958bbf2900b1d180d5
SHA1 c46155b3f157eeb0add959eaabf85d78f06b5f01
SHA256 d8e34077eaa1fbd84caa39dba4ea8eebdeb623d8cea8539d48a5dcf829784e00
SHA512 2d921d06d9dc1a626503ac2892979bee6f0b48a208f21cbe80822ca2e0aad7ec0619b0f5a04e56eb5f769494d2e0ce2e4f2ec710bdeb52b8d730cf3419ee82f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1103b24e54d55a9674f010d1812a37cc
SHA1 ad78365959e335ead44d944cf6b0b3b3c7717f79
SHA256 34951fa78694224178e16324822ff5c56f545d70e12f875a391f2104b5525639
SHA512 e5f437d3bda115f15d02f5225b51076008b185906a2f59d99964d1d283770a5f2b29a441e36d65ec6ae71c20bd67134f07901fa60408dba2f1a21d1adadead04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 46123b2d62b3e4608f65c60df333807d
SHA1 54104f8829d77e43152aab59f163e539a38c65d3
SHA256 8872eaa01115a061a592bd59390e5e4801d506951ec0b89b8c34531f4766c268
SHA512 5fc5cc8d7a16a061acbd0fd2ec8b1acccc6a3d74ccc7f159c3365e712aa0d8e5243813d3643da641dd82f6c63f1aa0ef778989d315b28415f236a3223e6180f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ae001096991762e0e2f2f55ecc2786bc
SHA1 6fa9b9ae30c95dea12e177dabb7ddd0f5e6b038e
SHA256 e3a61bde030a953165fa029bc40e14cb06110140fe84afc939d95ec8eeeccce6
SHA512 1946909a38528b19f205e2169234ee993b097030e6dc7efed94cd187e3d14bfc35947a0731d2494162212f508f302133b844a225f2134466bbfb65abb897395a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 25897e122682049bd0d90fa3c48bdb0b
SHA1 2be5e9584a3db009d429b8873dcb83e64c57a31f
SHA256 6e43dd7761c373d7d564639af03fdbf9c12d3fc9d3efd223e147bfa7f7858098
SHA512 75562fc6736ae30e6308a0f88ccdea556ab04c405cefc649a74634a3b4c61a7c620f239eacd6a153c166fa2aac64ae73931f98d5d768e80c9f628f2b1ee930d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e1e2badd1d4ddb3cba255864ef7ad515
SHA1 e918a9c505f0de328e09796ebaabcc36d3a3091c
SHA256 8930c7e3015ab0a1038fbef0ed53615b8fbfd2b5f8083c2cb9cb2d98b167d542
SHA512 e4b1e05cab33421f1c205fd6924c9e23a544e7a449f6f5476bc3836691caa74afbfae756aec222e8ee7a42e30d5e09ca36ace2dd464c592f515d2f6049c434ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\98f095ee-8055-4d32-919e-9f055555e988.tmp

MD5 f1936475f3f433aa62bf87419104ca2f
SHA1 6597a68bf86fc4535a0f8ee3af4e4ccd4dfaab04
SHA256 e96bf26cb495eb82aa69b813a936a6564aafb314dbdacd65981f209d85fb7d94
SHA512 67e1abada8b8f0c5c6f9facff19d5a7038b3714d71a483c6ff0657f82ba9d0597c624699a8493696729b31855c93c15b114adced6be5d45b4ebf71d7cdd22038

memory/5144-364-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ca1b88af244ffd3391fb62845eb3999c
SHA1 e8af2f6ba4637fca5cf10d3b7ca56cf346d08de3
SHA256 305d23946e0ff06c356da156d707bd995fa8ece726ba74f5102bb5c62c893910
SHA512 b7bf3aa738c4a11726d94c459cab61dc3459b4e8cabbe68248a9143a1201ef40d64e486e8ca1f291b7c0954c97eee8894df6a7dd50971bd5c5a5659699ce1a9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b6aaff20-9271-4ff0-96aa-1940fe454824.tmp

MD5 e1e2badd1d4ddb3cba255864ef7ad515
SHA1 e918a9c505f0de328e09796ebaabcc36d3a3091c
SHA256 8930c7e3015ab0a1038fbef0ed53615b8fbfd2b5f8083c2cb9cb2d98b167d542
SHA512 e4b1e05cab33421f1c205fd6924c9e23a544e7a449f6f5476bc3836691caa74afbfae756aec222e8ee7a42e30d5e09ca36ace2dd464c592f515d2f6049c434ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6c112149c526f8a85d3c2058b7339475
SHA1 ebd0192e0016cce7954794c96452c910659f3bf5
SHA256 ed8a5a0a431e5051590fb7feb80a63c61fe85db59f5f9c8ee16dca90f8685c44
SHA512 8426c9d7cfffc50e452acb8e6077eab57aa7e008bf4aa136a5846f85ab8d5a81d2dfba702d0e759ff3de8a1711f40ff782ce072ee07d55dee8b3be6b7971dee6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 febbdbaa6ef9fa6a9b9f519168405dda
SHA1 1233aa3d6026168e0c9bf8e81827f86059d9eb19
SHA256 b6fae9ead67302a411b078b086dc69c360c98fa2000ef7f4323b925dbc40f688
SHA512 ad8fadc15a5dc493ccccf92022a673009ea75b983e6288d8a7e7edf24abd99b08cc85ad1eae26b4f772dd77463e0ecdab748fefcc1c1a0e1a1d1a368978452eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 163fe43839b12d70e8c60f7987adba1a
SHA1 ea032c726866b6a7713d1a892443e3315a9e2d57
SHA256 4026a44232e6208bc4ea5beb87ccd38e5629e324a7a3032f3fa3f1713f0d47a4
SHA512 03f71df770cdac9fecff766f8759b615e54a990621ef69de9c7a019d0472126346d08c3896b3e0f91f3849c031f78b595a6fdbed4e3fa9eb7319e4efb9c8999a

memory/5568-471-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5568-487-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5568-489-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5568-491-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 31f0dc9cabe8b7e55ebada0baabdbe7b
SHA1 02f1ec3d35b0e2c0695731ba339c598c5e433852
SHA256 c241ca64c3c3d5afeebc5f02f6cfdf8cb245180e9f15b74d5a0813301180746b
SHA512 721b5c9e747b5c73b3dbebe640f7202d0fad27189795bf354b619d21b0ee0472b4839d03baaa23221e6e1d7ebda56d18b2607db08c6bbfc457b7eeafe8c479e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a3039.TMP

MD5 a2424b479393c0cf2c77b042e78cd25f
SHA1 c1865a7d14f5a22edb63c9ac799700fa968f43d6
SHA256 c0f5f299881d9f36ed7623e747b2876ddd8a7e176bd16e7db12bd9a1725122b7
SHA512 b59eab6b77000c55e2487f59c57484f78b123eff162a130c55a60e73994b7cff5df991e76778557b4bdc66ae47cebfdbe10739152757b4f88a070fdf6c210b53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e97e3c9edea879feb01b6e7b38350c1f
SHA1 31e3629ce58945c185ae3d0cfa8257bbb2ce2239
SHA256 fa6dd12cee3ec6d2f5de24c5743b934b53f7c0f3c110997d0bed0e49961d36ce
SHA512 6ae83cb5e53c0b3109bc3418eed0239ade0e2b17a35e351104d8e7c9acfff5919fde826af2a7185acb9c9264f31459ef621036a013416247c147a7f0b769e642

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 82532f08a7bd3deafeb6aac3c8ec01de
SHA1 5d1badca6d6dae8b3832a5c33f5ad56d2e436506
SHA256 a2a3fffdc4fc25c4ac2b14a53bacc6422d2217190a1c4d62b712af3c56475261
SHA512 04349358d9483dd699616ac8bc9f5e5c482e414af90450322a81e27b82e07d478ea5659f9cf07feff474adfd066d96d3f79da89c96c2e494e7eeb7841f685d8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 33d4390da1e7b2bfaabae9acaca2eaf8
SHA1 60559b1c2646a16ef9a1a2655f44ae6dd0ecdb53
SHA256 6d4ac34cc6463875b96f6404b948544e0bde8589c081c080f0a79f296a1e3e46
SHA512 6a835cb527a3b7f04de76ea99b23ad2292940415ff8e86c9c447ae4b18ff6c58666e7e479a399788e92cabc8362a976ace17855fbc1caa0800c68f690ad0eba0