Malware Analysis Report

2025-01-02 05:17

Sample ID 231111-ezsv5sac8x
Target a8a3261a94c63b4a92e116051af3f9d9de335c94cbec5371623273425efd5c5a
SHA256 a8a3261a94c63b4a92e116051af3f9d9de335c94cbec5371623273425efd5c5a
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Analysis Overview

score
10/10

SHA256

a8a3261a94c63b4a92e116051af3f9d9de335c94cbec5371623273425efd5c5a

Threat Level: Known bad

The file a8a3261a94c63b4a92e116051af3f9d9de335c94cbec5371623273425efd5c5a was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

Mystic

RedLine

Detect Mystic stealer payload

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 04:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 04:23

Reported

2023-11-11 04:26

Platform

win10v2004-20231023-en

Max time kernel

178s

Max time network

179s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a8a3261a94c63b4a92e116051af3f9d9de335c94cbec5371623273425efd5c5a.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\a8a3261a94c63b4a92e116051af3f9d9de335c94cbec5371623273425efd5c5a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\GP0Dd34.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5004 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\a8a3261a94c63b4a92e116051af3f9d9de335c94cbec5371623273425efd5c5a.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\GP0Dd34.exe
PID 1960 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\GP0Dd34.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe
PID 3640 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 1080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4756 wrote to memory of 1372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 852 wrote to memory of 3880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 4176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2904 wrote to memory of 4604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4796 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5000 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2180 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1960 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\GP0Dd34.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2BP2187.exe
PID 2180 wrote to memory of 5396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a8a3261a94c63b4a92e116051af3f9d9de335c94cbec5371623273425efd5c5a.exe

"C:\Users\Admin\AppData\Local\Temp\a8a3261a94c63b4a92e116051af3f9d9de335c94cbec5371623273425efd5c5a.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\GP0Dd34.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\GP0Dd34.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdd65c46f8,0x7ffdd65c4708,0x7ffdd65c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdd65c46f8,0x7ffdd65c4708,0x7ffdd65c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x88,0x7ffdd65c46f8,0x7ffdd65c4708,0x7ffdd65c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdd65c46f8,0x7ffdd65c4708,0x7ffdd65c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffdd65c46f8,0x7ffdd65c4708,0x7ffdd65c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdd65c46f8,0x7ffdd65c4708,0x7ffdd65c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdd65c46f8,0x7ffdd65c4708,0x7ffdd65c4718

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2BP2187.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2BP2187.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,435593870772112121,16879709795979338447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,3556544682902769109,7802547565607011477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,14964529371313621377,15233333239969190820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11005517964979702349,2711659931538733924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16143365935239182457,5269841271426390396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11024054033336089087,16930056481827054211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2580528631331327585,14094737125159585430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11005517964979702349,2711659931538733924,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9662376656589230111,887338709901561086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2580528631331327585,14094737125159585430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,3556544682902769109,7802547565607011477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11024054033336089087,16930056481827054211,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,435593870772112121,16879709795979338447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14964529371313621377,15233333239969190820,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16143365935239182457,5269841271426390396,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5267354174262944347,14639125143744310260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9662376656589230111,887338709901561086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5267354174262944347,14639125143744310260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11518945744592351155,2635443137982974694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Px70Tc.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Px70Tc.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 7504 -ip 7504

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 540

Network


Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\GP0Dd34.exe

MD5 cc0eae47cb71b80cbb64fcee319734e1
SHA1 0a958429bccc7002b1eb87510ac2f89d6e587315
SHA256 ca7b79febe5c4fcdf936257363f7040134397ff049341c9cc5d31dc95e3dfc95
SHA512 a5f5189e6c43963780e777144cc737d9db181cca863e75d5833a66a1ce6b4d50ed04096937a8a61ed7ed8172370f7f72a8f52000e477ae28beb73b5f0da38bc6

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qA84Pd2.exe

MD5 c3535856ea8501c0573ec6b76a0d288c
SHA1 a823e19c26bff144f3dcaeccb8706d85ff616fc4
SHA256 bf89840dd128db52830ee26c85795e0d6c4c5e8c8b50916a78f9b0fe7f8a28f1
SHA512 49d6a48de17abd193c77656456c8de82c79d94323ed2aee6583c0d427de014207d1cdc9c3a2bc278249fb944b01b8d3ecbc4554e03016948b5481793344b8262

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2BP2187.exe

MD5 7fc7511d7820739773102304ef837ed7
SHA1 d3e5174247c884db7739d420916dbefcb72e9bf9
SHA256 9a23e76f5593042a8cadd24d16c97adf7f8bb0140fdf8108f93c0565575cad86
SHA512 4631582336c26fd3782559baf792b9a95f91ff0fb710dbfda9d056f09ea96618831a0d74a3a0d238a36c6fae76c7d9ce1179e9b9ab19d7da30a4b36fb41f8015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_5000_BEJOXVQGRVCXHVMD

\??\pipe\LOCAL\crashpad_4756_IDIVIPTYGKDMHYFV

\??\pipe\LOCAL\crashpad_2652_MUNNHTQJCTGGTIZS

\??\pipe\LOCAL\crashpad_4796_KJJYVPMZITFCRDJD

\??\pipe\LOCAL\crashpad_2180_HKJALTMLLURFKIPW

\??\pipe\LOCAL\crashpad_2088_BXABMEECJRDOYRHU

\??\pipe\LOCAL\crashpad_4712_YGYVXOCILLHRHETE

\??\pipe\LOCAL\crashpad_852_HJSQKXANJUOLMWHL

\??\pipe\LOCAL\crashpad_4008_JPIFXFKCBIKPOVTN

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b058753f-2032-4cd9-ba86-0a10fc976675.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\19910559-c658-4e89-9d7f-fe45a94ab7d5.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9aa5bcac-9dac-46dd-ab5a-17f2b024baeb.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

memory/7504-358-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7504-371-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7504-372-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7504-374-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

memory/7008-407-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
