Malware Analysis Report

2025-01-02 05:16

Sample ID 231111-f1zwhscd99
Target 0b1f8519494d346dbbe18d23eaf5ecfc.exe
SHA256 44204e5731a34e0edfbcb2f50a6f42a3b428bdef20df8e244caf9524d0513bbc
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

44204e5731a34e0edfbcb2f50a6f42a3b428bdef20df8e244caf9524d0513bbc

Threat Level: Known bad

The file 0b1f8519494d346dbbe18d23eaf5ecfc.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

RedLine

RedLine payload

Detect Mystic stealer payload

Mystic

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Detected potential entity reuse from brand paypal.

Suspicious use of SetThreadContext

AutoIT Executable

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 05:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 05:21

Reported

2023-11-11 05:23

Platform

win10v2004-20231025-en

Max time kernel

150s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0b1f8519494d346dbbe18d23eaf5ecfc.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\0b1f8519494d346dbbe18d23eaf5ecfc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZM4IN32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hF2HM40.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1524 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\0b1f8519494d346dbbe18d23eaf5ecfc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZM4IN32.exe
PID 1524 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\0b1f8519494d346dbbe18d23eaf5ecfc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZM4IN32.exe
PID 1524 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\0b1f8519494d346dbbe18d23eaf5ecfc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZM4IN32.exe
PID 4884 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZM4IN32.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hF2HM40.exe
PID 4884 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZM4IN32.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hF2HM40.exe
PID 4884 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZM4IN32.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hF2HM40.exe
PID 4032 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hF2HM40.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe
PID 4032 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hF2HM40.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe
PID 4032 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hF2HM40.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe
PID 3740 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1256 wrote to memory of 2360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1256 wrote to memory of 2360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2808 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2808 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1044 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1044 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1876 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1876 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5112 wrote to memory of 4640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5112 wrote to memory of 4640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4376 wrote to memory of 456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4376 wrote to memory of 456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 1532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 1532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3244 wrote to memory of 5896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0b1f8519494d346dbbe18d23eaf5ecfc.exe

"C:\Users\Admin\AppData\Local\Temp\0b1f8519494d346dbbe18d23eaf5ecfc.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZM4IN32.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZM4IN32.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hF2HM40.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hF2HM40.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffc38aa46f8,0x7ffc38aa4708,0x7ffc38aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffc38aa46f8,0x7ffc38aa4708,0x7ffc38aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffc38aa46f8,0x7ffc38aa4708,0x7ffc38aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffc38aa46f8,0x7ffc38aa4708,0x7ffc38aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc38aa46f8,0x7ffc38aa4708,0x7ffc38aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffc38aa46f8,0x7ffc38aa4708,0x7ffc38aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffc38aa46f8,0x7ffc38aa4708,0x7ffc38aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffc38aa46f8,0x7ffc38aa4708,0x7ffc38aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffc38aa46f8,0x7ffc38aa4708,0x7ffc38aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffc38aa46f8,0x7ffc38aa4708,0x7ffc38aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,14197016242598862559,7606502411532942257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9210840928903891652,1507649017716487279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9210840928903891652,1507649017716487279,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8044231814198210549,11787811026721466928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8044231814198210549,11787811026721466928,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,14197016242598862559,7606502411532942257,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6783066457096880142,6230119935823829533,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ZU2DS5.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ZU2DS5.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15793111597067361465,8754394594151879650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4657267104315179167,7913713242978365223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15793111597067361465,8754394594151879650,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4657267104315179167,7913713242978365223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9002327937955232824,2761124305525393637,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,2190357810150100803,1307866688704275214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,13038738717403396669,16683424568733671113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,2190357810150100803,1307866688704275214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9002327937955232824,2761124305525393637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6783066457096880142,6230119935823829533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13038738717403396669,16683424568733671113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MI89nG.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MI89nG.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7828 -ip 7828

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 536

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6MU525.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6MU525.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9464 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3197117491766130241,16073654692392200912,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10052 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 254.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.paypal.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
N/A 224.0.0.251:5353 udp
US 104.244.42.65:443 twitter.com tcp
US 3.221.61.110:443 www.epicgames.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 110.61.221.3.in-addr.arpa udp
US 104.244.42.65:443 twitter.com tcp
US 3.221.61.110:443 www.epicgames.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.2:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 93.184.220.70:443 pbs.twimg.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 104.244.42.197:443 t.co tcp
US 68.232.34.217:443 video.twimg.com tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
DE 172.217.23.214:443 i.ytimg.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 254.43.238.8.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 facebook.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.244.42.2:443 api.twitter.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 104.21.53.57:80 killredls.pw tcp
US 192.55.233.1:443 tcp
US 104.21.53.57:80 killredls.pw tcp
NL 142.250.179.163:443 www.recaptcha.net udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 104.21.53.57:80 killredls.pw tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 c6.paypal.com udp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 151.101.1.35:443 c6.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 nelly-service-prod-akamai.ecosec.on.epicgames.com udp
NL 2.19.195.184:443 nelly-service-prod-akamai.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 184.195.19.2.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 nelly-service-prod.ecbc.live.use1a.on.epicgames.com udp
US 34.199.231.126:443 nelly-service-prod.ecbc.live.use1a.on.epicgames.com tcp
US 8.8.8.8:53 126.231.199.34.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZM4IN32.exe

MD5 9a36183e921ca9a2b7b1554a8c10e7ce
SHA1 2e6d67a56d064609a13a3ba401c5027b7c1ca23b
SHA256 192b5982b2041ce26a7b379330fbc1a503bc8ad4580bee88508b17db5445ce6f
SHA512 606c3c20b0aba89c9edadd79df79a2afb5354cf1f25945a6ade5849b6390e8442374aa7d1c9c4eb8aa4f0bca450181cccffb141ac8f13b0d1be4e4a3fcd1b1fd

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZM4IN32.exe

MD5 9a36183e921ca9a2b7b1554a8c10e7ce
SHA1 2e6d67a56d064609a13a3ba401c5027b7c1ca23b
SHA256 192b5982b2041ce26a7b379330fbc1a503bc8ad4580bee88508b17db5445ce6f
SHA512 606c3c20b0aba89c9edadd79df79a2afb5354cf1f25945a6ade5849b6390e8442374aa7d1c9c4eb8aa4f0bca450181cccffb141ac8f13b0d1be4e4a3fcd1b1fd

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hF2HM40.exe

MD5 e13cced056fe23d7eaddb2a33cdf02f0
SHA1 483659d48ca69cba35bcd597945fb1caee65c259
SHA256 5627bb5aba33c9f1ed2e373c2c5bf41152daa6209cd4e270f8e7b50f10b0c238
SHA512 46757052e77b469b2455877d7ae032f7ff042fc8e35c7f86cf593f75fc5f35e1476e6138011c72f1ff14f50a43d3c2f60c987ba56c6497350140c3de6d85d134

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hF2HM40.exe

MD5 e13cced056fe23d7eaddb2a33cdf02f0
SHA1 483659d48ca69cba35bcd597945fb1caee65c259
SHA256 5627bb5aba33c9f1ed2e373c2c5bf41152daa6209cd4e270f8e7b50f10b0c238
SHA512 46757052e77b469b2455877d7ae032f7ff042fc8e35c7f86cf593f75fc5f35e1476e6138011c72f1ff14f50a43d3c2f60c987ba56c6497350140c3de6d85d134

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe

MD5 ca40d0de02a4e591d6c2fb6b6136c2d4
SHA1 6018ca55efbff524ee387fc6f4614f3f15c77739
SHA256 c44f5b91a553728a77eb682d59f5cda6c827b7959e6d17da695b71aa1aff2610
SHA512 b35e34d529c28966d26f6433657690184128a5a2b8c08acab4e497cd6d48a192d992116eefa918a11732dcf3ff4489947c31e3fd764e1929875bdac616a3ccfa

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3cL009HO.exe

MD5 ca40d0de02a4e591d6c2fb6b6136c2d4
SHA1 6018ca55efbff524ee387fc6f4614f3f15c77739
SHA256 c44f5b91a553728a77eb682d59f5cda6c827b7959e6d17da695b71aa1aff2610
SHA512 b35e34d529c28966d26f6433657690184128a5a2b8c08acab4e497cd6d48a192d992116eefa918a11732dcf3ff4489947c31e3fd764e1929875bdac616a3ccfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_3244_UMHBDBHRWGQZXBBF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_1044_QWCYSBUNOVMHNSQQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2808_DHWNUJCOLGGABUOL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4084_MFNHQSHYZRMRIICO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1256_BRIBGKPFCEELRQWG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1876_OSJXOQKAZBAXCXIH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4376_WBMIWZGACCNLGUDU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3448_VBSCWWMWFSIEQVDX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ZU2DS5.exe

MD5 f06106daa284eda456186d389e961eba
SHA1 bc4c67cd08a70ca42baba53f0ab8933b3ff67df6
SHA256 cc8ded230163609cf6f8ca2821c0d2c2594c8ce686f959cf597e783b4b081bb0
SHA512 59474d3fa1432a22b886d71c3d153cfc10967b4518a96bf054004e6b35a109eb464d9693e60bd05f996edbb9ec99dad8cd9a83ea9f936cf81a5527e9853efb5a

\??\pipe\LOCAL\crashpad_5112_SUYANYQTTBUPOEWS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ZU2DS5.exe

MD5 f06106daa284eda456186d389e961eba
SHA1 bc4c67cd08a70ca42baba53f0ab8933b3ff67df6
SHA256 cc8ded230163609cf6f8ca2821c0d2c2594c8ce686f959cf597e783b4b081bb0
SHA512 59474d3fa1432a22b886d71c3d153cfc10967b4518a96bf054004e6b35a109eb464d9693e60bd05f996edbb9ec99dad8cd9a83ea9f936cf81a5527e9853efb5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_4740_IABJMVNSLBPKGMQJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c5c7653bad90b6b8182697fcc2aba828
SHA1 cf87a790d0c4752ce567c42abc50510aa75ae0a1
SHA256 a455ed16d69ddd37c181cb82bbefa59db3e0a022262232aaa569dba3f2ecdd8b
SHA512 a9c08f43fd90be5b60e1950323767541dc2e8a6124440f287c4a84b5f180fd2a5efc908659429aac361412ca6c3a29eecf91730b3bba9372e30051022047ebeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d997dc1a-7347-4c5f-91b8-30159e57f33b.tmp

MD5 ca64131ce9617d249f8eee6a29c9225f
SHA1 af62986ff87638aed4aefbb317ba0cf8b8d5e04c
SHA256 9d11ffc08832d3ded7bcb5fb681a0e57b733c4579d30c341c42a8d8015582c25
SHA512 ce2db94ced7f521d664049f6126b3d68483051127d142007f15d7ad0b9576de9692cae3c99bd1dae49c405b1583d87c34f3284be31da170b19013f36b3ff03af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d3487d5c-5245-4d4a-89ac-a96f03289915.tmp

MD5 6526187fb3059e9bcc4b431c451a06a2
SHA1 14fabe209e50488c01e15c8e18ad29eb9862f999
SHA256 a077eead2cbb92e8ec79f80f71c3139acf8aa709cfbf30f750bf7d4a60d24b85
SHA512 7aef073949ac1dbd4bb4e71627d86375a44f4b86247afdd6815a21a401bd27a35d90f650b7e6a657fa0747665df8a895b5d56c450d57adfafa07de738f5bd9ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d27f240d1fb0dbe9d51229a9228c4690
SHA1 66a51d8ea3681ca1bc97285d81b9decf881b9511
SHA256 9303a4dd9f92cdee5d169965933a24fa7274583d10cea0f1e220d264a104e01f
SHA512 0e925905c14c0e91cb57b8dddbfe6b606a7cd6e1e97f453070a42e2e688502a875887642958a2665ab5ccc3337263f9bc50d1984a05d69063551d7392f6249e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d27f240d1fb0dbe9d51229a9228c4690
SHA1 66a51d8ea3681ca1bc97285d81b9decf881b9511
SHA256 9303a4dd9f92cdee5d169965933a24fa7274583d10cea0f1e220d264a104e01f
SHA512 0e925905c14c0e91cb57b8dddbfe6b606a7cd6e1e97f453070a42e2e688502a875887642958a2665ab5ccc3337263f9bc50d1984a05d69063551d7392f6249e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\97e18941-a1c2-42d8-bc6b-a7de77c0d47e.tmp

MD5 cf48141e585789a21a223ccd11dee147
SHA1 50a412105dee5544594e632bc970ddb67a174b1e
SHA256 8a69afbc0ee8ab3a844a38666c628c828600792a83c8aa456f1ffd9a2c1cf1d0
SHA512 b259e81abaa5f409ebb99635b451aadbb05eb67df22ac21ae9324dab927562af2e68a1871bf6ae952f1545ef91a920acb31a8b1bd75b06cc4cafc1bac5a374e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\330f7139-e2b6-4481-b961-966799e99383.tmp

MD5 af7f540e0330fcaeab187a193eeed8c5
SHA1 659a00113e3271969a655a6172ae70b0ce5036b4
SHA256 6d55618d8a871344b3b5167c3682176610a6044f54c3848a4650bdedabd8c061
SHA512 f8b908db39e56be9d1824babb63c134335d39f146ed759a3359f81cd7f945cf6b661c476082aee55bc4cd03eb223a8fd75723c9e89758add358e1d6c4e773f78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\35836fcd-1371-4ea7-a058-89b7a6d29773.tmp

MD5 40c4505e0a5199044fd8d3b245633a74
SHA1 2fc7a8aacecf58d05e3e9c455bdc3e247aa5d360
SHA256 7fddd0a269310b80c2704d5f99f0190dd884826f029dd2131ab50ba9f62d0440
SHA512 36e689c3ee93ee5bfd48c79affab16023365a2844f656e98d46001631fdfd99bc2376dc1be4161f39cea3213edb7b3516e1de46ec633a94beb08ca7c8ffe35e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 05158966f5bc18e6a5b7027ff1811714
SHA1 0676cebac5e9577a0267668a5bc8b649b3791507
SHA256 6d35d3bc15105fdd8f040441098f3f2f95d551cc7d778c66eb5facaed428f6b7
SHA512 07e485f4b51ddbe4e0b314ac0b9d13a6fd931d0e2489b80e797635eda15323602b492a945664483fbf8c0152984268e3aef86b6c2101c3ce24584096dd9d143e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5c9279ec-e58c-4592-af64-b3f71fca3520.tmp

MD5 70116e3db8934af743db5f053d00a76c
SHA1 77a2d61efe260d49fdf4b1d3e3a3f1cd171e3870
SHA256 e54eb83c4b63e00edd4fc21336ddd732b607110cb7803875cc39eef98d5bf321
SHA512 f9153de8b4aed4b11a0aa4baeecfa92d743a0dafcdae539aa7a891d812a37754d5d4e6e27eb2077dd5dc9fc75acea949c1388f645bbdf933ed31d3fb8369fe7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 05158966f5bc18e6a5b7027ff1811714
SHA1 0676cebac5e9577a0267668a5bc8b649b3791507
SHA256 6d35d3bc15105fdd8f040441098f3f2f95d551cc7d778c66eb5facaed428f6b7
SHA512 07e485f4b51ddbe4e0b314ac0b9d13a6fd931d0e2489b80e797635eda15323602b492a945664483fbf8c0152984268e3aef86b6c2101c3ce24584096dd9d143e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c5c7653bad90b6b8182697fcc2aba828
SHA1 cf87a790d0c4752ce567c42abc50510aa75ae0a1
SHA256 a455ed16d69ddd37c181cb82bbefa59db3e0a022262232aaa569dba3f2ecdd8b
SHA512 a9c08f43fd90be5b60e1950323767541dc2e8a6124440f287c4a84b5f180fd2a5efc908659429aac361412ca6c3a29eecf91730b3bba9372e30051022047ebeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 70116e3db8934af743db5f053d00a76c
SHA1 77a2d61efe260d49fdf4b1d3e3a3f1cd171e3870
SHA256 e54eb83c4b63e00edd4fc21336ddd732b607110cb7803875cc39eef98d5bf321
SHA512 f9153de8b4aed4b11a0aa4baeecfa92d743a0dafcdae539aa7a891d812a37754d5d4e6e27eb2077dd5dc9fc75acea949c1388f645bbdf933ed31d3fb8369fe7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c5c7653bad90b6b8182697fcc2aba828
SHA1 cf87a790d0c4752ce567c42abc50510aa75ae0a1
SHA256 a455ed16d69ddd37c181cb82bbefa59db3e0a022262232aaa569dba3f2ecdd8b
SHA512 a9c08f43fd90be5b60e1950323767541dc2e8a6124440f287c4a84b5f180fd2a5efc908659429aac361412ca6c3a29eecf91730b3bba9372e30051022047ebeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 40c4505e0a5199044fd8d3b245633a74
SHA1 2fc7a8aacecf58d05e3e9c455bdc3e247aa5d360
SHA256 7fddd0a269310b80c2704d5f99f0190dd884826f029dd2131ab50ba9f62d0440
SHA512 36e689c3ee93ee5bfd48c79affab16023365a2844f656e98d46001631fdfd99bc2376dc1be4161f39cea3213edb7b3516e1de46ec633a94beb08ca7c8ffe35e8

memory/7828-268-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7828-326-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7828-309-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7828-329-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MI89nG.exe

MD5 d2997ba3a18ffcf0edca32e435ca0617
SHA1 f0513e926e5c54a42f15553fa9e5d82b7a1649d4
SHA256 604b5982349d1c7992ce3b9e38b088921a952c7ec4e7b2d08711af3b16ff4ae2
SHA512 c949216b3a1ea1c653cf1177142756647aad9ca36b525483bc980112890f22ec1b2e121158f8bb864ae3cdd8630a45d2d90d5f8e350347b266da0489d6313e1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ca64131ce9617d249f8eee6a29c9225f
SHA1 af62986ff87638aed4aefbb317ba0cf8b8d5e04c
SHA256 9d11ffc08832d3ded7bcb5fb681a0e57b733c4579d30c341c42a8d8015582c25
SHA512 ce2db94ced7f521d664049f6126b3d68483051127d142007f15d7ad0b9576de9692cae3c99bd1dae49c405b1583d87c34f3284be31da170b19013f36b3ff03af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8e6294b4-755f-4f8b-bda5-1ce840b2fc9e.tmp

MD5 1ca8db38d15abb1539b6e2bfcba82e32
SHA1 e0a5e1cbfdfe86edd5514e8b660117f2707db25c
SHA256 5b0c573921d8d9915f44c0bd1c5202ca6dde59531248b2b27b0b4a4f14949396
SHA512 731b826e7acc3e3503a96d73d6ad73815e301e98b45facec08148df36675d81a01e476870c811e4c533aab3ee6707f6654cf167aa8d9961263f7e25426cf983e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a17002779c296b721bb81f2ec1fe4a7b
SHA1 5816e5c7adf0fe70310d3acb57893e9dc6ca57ed
SHA256 6c1d78fd1c061f679e682b7386b40960b00616cc0ba98acd532a087e3d7db350
SHA512 a68936f610a864faae783541a1ea61dac4bda07926ef400e73564209275ff5bbb26eec49f388ff48dbdad6bd262f5d0a28d4ad8c1f7611ad16bbc8b20e0cfba6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\73f04784-bffe-4cec-a3c6-e669d1556a0a.tmp

MD5 6a96d1270af235206aafea0917645be1
SHA1 76a50474858251b29a0f00643a7dab27f1b02f40
SHA256 b99419a342be92c00759c9520b558751b908a9d63e26da4ac0ac90d1211e72ad
SHA512 a1adf231077c5d747a51b8b534b0c43573e6fb31f306a6dea3ec8b99da92df6e29b8807419e33c0b9691ec3bf0339aa52463cb18af3e022a667e4ef5e47a9720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9b0f5ee573fe27d85177ab02357e6b10
SHA1 6125b0907e1fa6fe1ed38eead2433879fe5d0f0e
SHA256 3768546e3203c6a0a75e175c1ac7fa217df2ec48789ca7cae20b52469923aa22
SHA512 738ea3f85bd2c7ce9fffaa9af435ac153795a6ee85eedd39b662f513992a46e149e4034949710b913b6e6d8a4f0079cf8cd332920e98796b6490f6a3dc7ebd5d

memory/1912-659-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1912-691-0x0000000073FA0000-0x0000000074750000-memory.dmp

memory/1912-692-0x0000000007820000-0x0000000007DC4000-memory.dmp

memory/1912-693-0x0000000007310000-0x00000000073A2000-memory.dmp

memory/1912-700-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

memory/1912-703-0x00000000072F0000-0x00000000072FA000-memory.dmp

memory/1912-706-0x00000000083F0000-0x0000000008A08000-memory.dmp

memory/1912-707-0x0000000007630000-0x000000000773A000-memory.dmp

memory/1912-708-0x0000000007560000-0x0000000007572000-memory.dmp

memory/1912-709-0x00000000075C0000-0x00000000075FC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 39226a8809a0aa0a03a32ef6b1ca1a9c
SHA1 cea59396b60eaa22e746e5adf2991970cf131ea1
SHA256 74abff0eab8810886ac2d314c4bfc918678969e204a397533028188afc638128
SHA512 816185f6188312c8508dcc9cec262d4c821c90fb7c2b41f552c0435c41873feda59ae966846cb67fabefed13f3a13ab811b2131fba2c858ba05959cb27f6b3d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588fd7.TMP

MD5 eccaf24df60c09e1ab3e79d76af4a9ac
SHA1 66360922fa7ddedcafd4896013b0cb874c82508a
SHA256 aa01dd3c0148ed98395b7268d0e8a8311a7f338d62680ee1633d2e56d5a7fd32
SHA512 7a29016de4ade9d15f8e272049dbbffd52a208c9d574c599e6f2882275c39a727f7f308cac4cbeaee04bafbcc21598b915b848347846133fa5b1aa4ebaf13e91

memory/1912-741-0x0000000007740000-0x000000000778C000-memory.dmp

memory/1928-761-0x0000000000400000-0x0000000000488000-memory.dmp

memory/1928-762-0x0000000000400000-0x0000000000488000-memory.dmp

memory/1928-763-0x0000000000400000-0x0000000000488000-memory.dmp

memory/1928-765-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 017d5741d33a1277e77da1a192882ba0
SHA1 804721d380970ab1ba7c3a2ae364d645b6d2c4d9
SHA256 025a2ef52f795ce6dd484b110872d210dcf63929db0a021782eb0c732f9c99ce
SHA512 e374dafff97a2425d0ba1c2f5a7da74b9ec2faa33d791a2c7d0e87c542e90e7dc42285dcdb3c3416c9a9152e7f2e03a3aea94af2bbbad29f4c05b2fc6a751f89

memory/1912-807-0x0000000073FA0000-0x0000000074750000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b7c384cde0b40a224862ad8c3a5effed
SHA1 f4a5523cf4e04db4215c6e82668357f280b4a2f1
SHA256 90b94a249231fdd080794fcdc80fbfbbfbb6d11bffac0d96cdeb01c743e6ee7e
SHA512 2783f221bee188a3157eff52ab566bacad0cd0809c609f9ec81cbf79384a89057fc59079e33f1ddd1f2330893d14f16717dd51e4ee12658c3b7f8f1a0e837960

memory/1912-827-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f5fa7ecad02a9394a62cc463e85c6e49
SHA1 b0aed0fca1b0184934f3e582315d4493875a7adc
SHA256 1c87c2e6a27905c5e2f82adca716a6d64cd52f6649e1ea70a06c2b7f5f620d8e
SHA512 140e2af4ab39f088636ac9cbdef6bf65b194518a7b38f52564d005349f562449521ec9cccc6ae0f0cc3c66ea83f5f8d6855514a9f713046fe00ec28213a0d496

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f86d42b4a092f3af63db5a282e787579
SHA1 e9df885c39398214866f946ce1cc71ce17b1178f
SHA256 c38926dc1ab78460463a85cfb378c036439eee5fd3553824862406860b69c7d9
SHA512 cedc8db175f05130941659834968076b5a1a184b4d960d659ef347e2a42dc2246fb9b1108ebbf7a46c9a313f56dc6b9512a24f250f56bb778d5c8581065253c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 42ebe752b33cec5ef8fe15da14a5096a
SHA1 5d3927a429219858d5cf238eb425b9766e174877
SHA256 cab0e3fd08eb104a728be947b09d844205bc0b664d21596fe793061930d7142f
SHA512 4c4f9f642bc7044a7c836b9c4eba9ba37244413fcb2038efe0e3c8f77ae49d25b08bd01644b4adceebf47002e03640f24ab3e93116496e04f6ebdc950210ff79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe591033.TMP

MD5 1452dd015076eabf7bc3f27616d0b973
SHA1 521a9c7862b3be4e1025ae9ece8749b9f35aed23
SHA256 6c32586f06ea2ee558cc5d1cdeff479203aa35fa1707a81fe570e7df947f81a0
SHA512 2e607cae175f069fc29c497569ddc7635e0c55183853c8aef05196d8468157a5617a3bca089ecace680371fbe5607e82057c34daa0189aa945d9baf8af41a72e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 09c99fb336609c9d53952030a894e879
SHA1 96f34d23a4e73a324f8cab5b6941aa93314ad51e
SHA256 36e7e17eb9ff4c6984fb17d0add73041b8ad4e0bdce04ff7dae7be6c3db8c3bd
SHA512 cc2f693f16e697f1bb1a8876b8b6a8871832cd05ca64d97ca44b6979242f55634be38e12a463735bc02a486572e6682186c1c2ab3507c3b06128cd65546a5976

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 54e5e221931abbf3406491620d2d178d
SHA1 497ab3f1b37bb6f61fa976dbcf283d634fedb817
SHA256 992f8d0d53e46a3b8e2c362019ccd6ef15b44e50a0439a150fe59f5e92c75271
SHA512 f36bb6993a9aa4b0497be16a3be474afd0c1bf66267618f421a0a44c012e9034708b1b3fa97da1ebef97b6f693d89c2217c5f1e416fd45ac1b13271f9096dc1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5c138b32b896bba8b57a5f689e99b023
SHA1 5f4c591ee6f7328465751afd032e97e6ef375811
SHA256 ece102d2c62f7d2bbc20b7b35734e9d5379becbe9534cae5fdb667f66787adba
SHA512 bcf116be4e8bf11a9afba97c877b0826bea052d1492f513aa208b4534a1ba9eef93560d744ad73cba497755883cba0d4404a14daa7dcf57b8a0cdfa1e6873bd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cc404a95c8ca6e3eced3dd38de38ab39
SHA1 b50c64cb2bb3ce92eb61bac68efbd443e2bbd4a1
SHA256 9ba76d58154a4480dab908a724bbd28e144752e605a6020aa106e664320e88ea
SHA512 7e81cc2942fccd6630821ed38bb80733c2774d2b8ac2212f1968d093436f3cf917cc526e7f505da3db5849d02f8690741f991b38fbf3d30dedc22030ef99b9b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe594d1c.TMP

MD5 2ac5d5d00825a57d2cff0858982e3589
SHA1 18cd88ea1622897bda4a11a2d882d0baed744008
SHA256 d0ef6f57c4c946f2b4826efc61a6c01f8ebdf82ebf30c40d693d23a2402afb44
SHA512 5ca174c427f05f364784e7923ec4ce0332e6eb4f39d4b1cf5dd568a975690da011c554cccffe9571a6f332df155e41f2d107bcb39992836d0c70f1dcc6225720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dc9cc221-3988-497d-b9a4-d3df7db08a2c\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3a519589fc96d2c7bee71c1a3ebe6205
SHA1 ad4daa7cfa06953689ba078d6f1790771a71d10c
SHA256 765c1cf982454ec830bbf9989995b31b5262ac95b362ad8e5a31cd1bc320fb70
SHA512 18204c313e915ad3effe5fcead10e15be0e48c122ffa923f169f30d97436972fc3c0abdf6090f3d43985d68bed1737ca85e8357a0ca9253eeae02c54bdbe12eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\b3a10c63-1154-4a64-bc7d-3583e3a09baf\index-dir\the-real-index

MD5 e44167c68ef6fdc8e5a77921a375a707
SHA1 dc2bb19f44af1a0f99c2f13cabd43b05c131c75c
SHA256 14fe4256b55beae0c3a854f1aed033732adcec7ef71925a51f9d11e2d98d53ab
SHA512 a98035d9b3525635202f58ef8f8733c9ea5bdf1b7cf41bedc631b926eebdabefc32a8ec33307937baf8d0a74a2ab544e77b56510c7ab4e2e5d59def0cb7af731

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\b3a10c63-1154-4a64-bc7d-3583e3a09baf\index-dir\the-real-index

MD5 e6eea53b71a6ac65b22939efd3d76218
SHA1 de5ccda20749b09d1ad752fcf701a060613d3e61
SHA256 e24339608969c5c935643b2b16baee594a1aac6c450f8d364384a2a664acf437
SHA512 68923294e0758762c96c89f94e892a9b425d64069e50dbe101896be23b6c9db86f082d6b803f7cfa87d9abcf14d43f08c1aa8330c7c3232b6b23add8506cdd08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5e89ddb5f44e88f206da6218f7d5e6d6
SHA1 b08f0705d7ab16e4a763a17e170d00a1296edf0b
SHA256 ccae9641deec74475505ddcc08493828eac1570b94340ff256375f142cf50224
SHA512 5fa365ec301f107e6f128f4c1714ac24461e8ec8770145f8bf629cd4fa79dc2e945601c8d3968c4d79765c290d968c40971ffceaa15a5b09e0cffda029bc999d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59646d.TMP

MD5 81d58f0aa9816b5953ea75eadf61e068
SHA1 81a7451d6c97aab45a7520577ad4e5be831baf09
SHA256 3a95054ef334b5e28e8c9d95f40a827d996f107a33541c8200122f27fad0ed18
SHA512 6a88c4457586cb27f95f473ace6bde68e94cca337f258cb4010dedad9d717b50b7fa0c4c495f67b9d32e9068c5f8ffdc3558a9d6934e6826de74f5dcc138bf4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f4c1591da5b8d18ae7bf6cc246fc273d
SHA1 dec282a748854764ce721138249333efba6e9252
SHA256 f6368821d76d29e066ccdd6742af9de7786fc87fbbf240995e54380346df9c89
SHA512 5e002e79509032ba53a0d4b9f21fad109b4372b4ee0891bb6f6c410953d7c51d0de460165d9293a3f406b3519c9718763357f00b47bd38a7c901e0a90d57dca6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a2261e47e888cdd5dc9c6507fc3af843
SHA1 248870e63da87d5b2ec4e6f0f6c86f061e8b5f88
SHA256 73009e2f9b322db95ad16519fd19963032163e6162815b175002ec993376e0ab
SHA512 42f714e441564baeeb48c04923b8db011d20fa7d6086c82541bb24c02a575ab977d38337fb5268b695d463bf2dfc5b588d4e7da925ec7ce0c91bef24d929becd