Malware Analysis Report

2025-01-02 05:17

Sample ID 231111-fhq6naca23
Target e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80
SHA256 e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80
Tags mystic redline taiga infostealer persistence stealer
Score 10/10

Analysis Overview

Threat Level: Known bad

The file e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

RedLine

RedLine payload

Detect Mystic stealer payload

Mystic

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Analysis: static1

Detonation Overview

Reported 2023-11-11 04:52

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2023-11-11 04:52
Reported 2023-11-11 04:57
Platform win10v2004-20231023-en
Max time kernel 203s
Max time network 211s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80.exe"

Signatures

Detect Mystic stealer payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe N/A

AutoIT Executable

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3644 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe
PID 2528 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe
PID 4436 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe
PID 4488 wrote to memory of 1220 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 4368 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 4200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 1768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1220 wrote to memory of 4544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2320 wrote to memory of 8 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 532 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1356 wrote to memory of 1336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe
PID 2620 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2620 wrote to memory of 5972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80.exe

"C:\Users\Admin\AppData\Local\Temp\e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10142372700687242580,1417064604839447938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5979320369497424088,13037575705048477075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,4602793519419184294,18179608880908948163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,4602793519419184294,18179608880908948163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3797645150732756337,9635355139841849064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5979320369497424088,13037575705048477075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10142372700687242580,1417064604839447938,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3797645150732756337,9635355139841849064,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,7507105039278459363,3126443889073902430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,7507105039278459363,3126443889073902430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,13737509165814534820,3662626437898808012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,5554939632075731565,15697947215007454895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,13737509165814534820,3662626437898808012,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15474331956926049595,2800111907384645347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15474331956926049595,2800111907384645347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,5554939632075731565,15697947215007454895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15522665363532949112,7733895597110653213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15522665363532949112,7733895597110653213,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MJ25nP.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MJ25nP.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 7220 -ip 7220

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Ma590.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Ma590.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe

SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be
