Malware Analysis Report

2025-01-02 05:27

Sample ID 231111-h3dgeade27
Target e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443
SHA256 e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443

Threat Level: Known bad

The file e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

Detect Mystic stealer payload

RedLine

RedLine payload

Mystic

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 07:15

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 07:15

Reported

2023-11-11 07:19

Platform

win10v2004-20231020-en

Max time kernel

183s

Max time network

187s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443.exe"

Signatures

Detect Mystic stealer payload


Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload


Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bU7up14.exe N/A

AutoIT Executable


Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1072 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bU7up14.exe
PID 384 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bU7up14.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe
PID 3836 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 4336 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 460 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 4120 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2104 wrote to memory of 3864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4336 wrote to memory of 5084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1640 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4120 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2532 wrote to memory of 3564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 460 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 2228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2296 wrote to memory of 1084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4608 wrote to memory of 3316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 384 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bU7up14.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Vn6123.exe
PID 4428 wrote to memory of 5664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443.exe

"C:\Users\Admin\AppData\Local\Temp\e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bU7up14.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bU7up14.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1sG64TW9.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x88,0x16c,0x7ffe356346f8,0x7ffe35634708,0x7ffe35634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe356346f8,0x7ffe35634708,0x7ffe35634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe356346f8,0x7ffe35634708,0x7ffe35634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe356346f8,0x7ffe35634708,0x7ffe35634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe356346f8,0x7ffe35634708,0x7ffe35634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Vn6123.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Vn6123.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3xu84hd.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3xu84hd.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 220 -p 6376 -ip 6376

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_4336_OQRNTFWTIKITLMWB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4428_QKKIFUSMCQDRDGMA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1640_NTJYXAARNOKIILXW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_2104_KOOPGUYFGAXTGVXJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_2532_GFIASXSINXDPPMIR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0697b1c144666fb9c1d954cb68e4c661
SHA1 737ff29e33f5bab47a6e25e6b37a6d68ea1334c8
SHA256 1fc2dbbed05e3ced454c0f3b96efeefe2fedf8304c4f490681a4bea470be99ff
SHA512 5ecd1bf3a32082fd439b394bf02e85f12845b03db2ef09db988a91bf3b72c00c5bf3208a09eb700778b0f7179b91f3764804b32cd2a3eefa74424773cf817370

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a754055665f6d73bed0922277a4b4634
SHA1 4a9124f7d6b1879bc21ef0725b6b6a3d74d9ff7f
SHA256 0953f86528a8cb472720c1a14e20689e1571c6ed29f7748a21ec7c3900b94274
SHA512 49f77979ccde59d348b359c12c8873a6e21a41db0b3c4034ef3f293de1e347a519447a74803f4fcba87e3eed3c280ba10acf29dfc3180da5a5de9a3b3f177bfe

\??\pipe\LOCAL\crashpad_2296_LKYUTAUVMGRRPISU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\716d8a30-f4f0-4e83-85ba-3c9ebddd7dcc.tmp

MD5 04d1b772d1e60f09a0db9c443b0720cc
SHA1 8a6d78e35a4c87a5990f9f322e2efd6c1eacdd82
SHA256 492648e6c06deb139030563e70aaa42784749cccf04474e06304e3f1ca00d931
SHA512 8bfbd9b35066cc257ba47f1dc00a62193b1e581381a4ea53001ca0d7a1c2256b0cd0c042457a0a3776543fddcb0a66dd9f49c24e7bdc2fa39020381e5d2e0fb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 711fbd7a9ca854e16d3e7d1de5abaa10
SHA1 277ae0cb4c1cda77a568c02f27b633335b454cda
SHA256 85a801b3b8eb9ebcb7905500e45375c47d5118897b5cb7baa338583489f5738b
SHA512 103425b63c789a51f0e49d13f716cda2c981585a2f85a9297632d579eb2497524b25028f713582d7ba9bff2741dc747c6544ad2d4cd1413e0cfce4dcb5aa0862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\001d3f24-25ce-4bf8-82a9-eddd06ce3b92.tmp

MD5 a754055665f6d73bed0922277a4b4634
SHA1 4a9124f7d6b1879bc21ef0725b6b6a3d74d9ff7f
SHA256 0953f86528a8cb472720c1a14e20689e1571c6ed29f7748a21ec7c3900b94274
SHA512 49f77979ccde59d348b359c12c8873a6e21a41db0b3c4034ef3f293de1e347a519447a74803f4fcba87e3eed3c280ba10acf29dfc3180da5a5de9a3b3f177bfe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 711fbd7a9ca854e16d3e7d1de5abaa10
SHA1 277ae0cb4c1cda77a568c02f27b633335b454cda
SHA256 85a801b3b8eb9ebcb7905500e45375c47d5118897b5cb7baa338583489f5738b
SHA512 103425b63c789a51f0e49d13f716cda2c981585a2f85a9297632d579eb2497524b25028f713582d7ba9bff2741dc747c6544ad2d4cd1413e0cfce4dcb5aa0862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6cdd8703-6038-4d04-b51f-9847765446e9.tmp

MD5 0697b1c144666fb9c1d954cb68e4c661
SHA1 737ff29e33f5bab47a6e25e6b37a6d68ea1334c8
SHA256 1fc2dbbed05e3ced454c0f3b96efeefe2fedf8304c4f490681a4bea470be99ff
SHA512 5ecd1bf3a32082fd439b394bf02e85f12845b03db2ef09db988a91bf3b72c00c5bf3208a09eb700778b0f7179b91f3764804b32cd2a3eefa74424773cf817370

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 04d1b772d1e60f09a0db9c443b0720cc
SHA1 8a6d78e35a4c87a5990f9f322e2efd6c1eacdd82
SHA256 492648e6c06deb139030563e70aaa42784749cccf04474e06304e3f1ca00d931
SHA512 8bfbd9b35066cc257ba47f1dc00a62193b1e581381a4ea53001ca0d7a1c2256b0cd0c042457a0a3776543fddcb0a66dd9f49c24e7bdc2fa39020381e5d2e0fb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1379370affbb0efc9433faa8be01dbb6
SHA1 fbd6ce10c7c30190b49b8dada1c4b7cfaa7f3c84
SHA256 40fcb04d9b6f8348a28a58c7bb49b96218d8c8412ee0e41e22271d42dcaae932
SHA512 d796bd1ea20424a3b578cee3ef63b5759ad8fb68bbc1c0d9980adc65e553ae06e653242dfd7ced7013ff888556d64bf3b4c79bd64e79edec54ec5e6a59754551

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2c12aabf-e2cc-4a83-9890-b9a2dcfacad3.tmp

MD5 1379370affbb0efc9433faa8be01dbb6
SHA1 fbd6ce10c7c30190b49b8dada1c4b7cfaa7f3c84
SHA256 40fcb04d9b6f8348a28a58c7bb49b96218d8c8412ee0e41e22271d42dcaae932
SHA512 d796bd1ea20424a3b578cee3ef63b5759ad8fb68bbc1c0d9980adc65e553ae06e653242dfd7ced7013ff888556d64bf3b4c79bd64e79edec54ec5e6a59754551

memory/6376-215-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6376-216-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6376-217-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6376-219-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 04d1b772d1e60f09a0db9c443b0720cc
SHA1 8a6d78e35a4c87a5990f9f322e2efd6c1eacdd82
SHA256 492648e6c06deb139030563e70aaa42784749cccf04474e06304e3f1ca00d931
SHA512 8bfbd9b35066cc257ba47f1dc00a62193b1e581381a4ea53001ca0d7a1c2256b0cd0c042457a0a3776543fddcb0a66dd9f49c24e7bdc2fa39020381e5d2e0fb8

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3xu84hd.exe

MD5 fbc6d505bc02bc28d6fcd297f4b0cb46
SHA1 a41685f43afbe5e70bdebab0e11f33163ccab625
SHA256 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e
SHA512 c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e594a807-20b5-4d7c-be21-c337f6c9e7ac.tmp

MD5 947103de0c0821293fff4150bb4cbbe3
SHA1 de92aedda89b11dd18296784ba164bf694f0864f
SHA256 29a88017ec49d5eafa287ae78b70ef967b8c6881a61f4f03c601c90a2f525619
SHA512 ba38d2362f95c7187ac0eac989670015147fe805ffae6b6169f83a303fa0486c8c331183e8bd64f64d5d0f2e5836bd339b602f937d5532c44ebf2ee161890d97

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3xu84hd.exe

MD5 fbc6d505bc02bc28d6fcd297f4b0cb46
SHA1 a41685f43afbe5e70bdebab0e11f33163ccab625
SHA256 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e
SHA512 c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\21d0bb9e-d1d2-4f65-9958-e5be18650398.tmp

MD5 5e4921e580ca285c8bd8fc1b9cbf4ef1
SHA1 da75c6e3019a15cb095d41ddb7183985e8ed2c36
SHA256 e365a78357fa977458feae34367f388ed0671879a4ce12b1e04fbbf81d997f11
SHA512 d7fad923140743a8fadefcd36d114fcb73e1c882d98968bd1e3d9c6a0c68c2326f68df83c98f7097cf9e165903f487f2e125bb41dd222e4795df5fff3f925f9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 2cc06f809ccd4e0c7037ff2e7c24a069
SHA1 8777e17bfbcf6f4699be463927f0cc410cf01faa
SHA256 663d665f8495a05affc449ddb03af2c9babb984133011bdc0d32d9e261c99240
SHA512 1bc8e50653cedf3d9eb8af3b802a7b504406a57024be761034357711f3fcb2ea4bcf35928a37385862271e3ebbea3ecd0f13290ef9035d944bc66f07ca07a234

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e4921e580ca285c8bd8fc1b9cbf4ef1
SHA1 da75c6e3019a15cb095d41ddb7183985e8ed2c36
SHA256 e365a78357fa977458feae34367f388ed0671879a4ce12b1e04fbbf81d997f11
SHA512 d7fad923140743a8fadefcd36d114fcb73e1c882d98968bd1e3d9c6a0c68c2326f68df83c98f7097cf9e165903f487f2e125bb41dd222e4795df5fff3f925f9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a754055665f6d73bed0922277a4b4634
SHA1 4a9124f7d6b1879bc21ef0725b6b6a3d74d9ff7f
SHA256 0953f86528a8cb472720c1a14e20689e1571c6ed29f7748a21ec7c3900b94274
SHA512 49f77979ccde59d348b359c12c8873a6e21a41db0b3c4034ef3f293de1e347a519447a74803f4fcba87e3eed3c280ba10acf29dfc3180da5a5de9a3b3f177bfe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 64dc352f76b19ae9917db896d77ad39b
SHA1 f8c6338a2e18797c2619da748734614d59afdfaa
SHA256 ac15d3d75de21e1f43b2ef0285f3b6f3b2322c4767a0858b8d387d83943ce20a
SHA512 36becd7d3374ea0efffcbaad98fff08671963c7c0b56766155f03d3222224a7ea2856409ab35468d849e07c9b1cb6736ef2ef27a0c69245f2b905e78dba2beed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0697b1c144666fb9c1d954cb68e4c661
SHA1 737ff29e33f5bab47a6e25e6b37a6d68ea1334c8
SHA256 1fc2dbbed05e3ced454c0f3b96efeefe2fedf8304c4f490681a4bea470be99ff
SHA512 5ecd1bf3a32082fd439b394bf02e85f12845b03db2ef09db988a91bf3b72c00c5bf3208a09eb700778b0f7179b91f3764804b32cd2a3eefa74424773cf817370

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 947103de0c0821293fff4150bb4cbbe3
SHA1 de92aedda89b11dd18296784ba164bf694f0864f
SHA256 29a88017ec49d5eafa287ae78b70ef967b8c6881a61f4f03c601c90a2f525619
SHA512 ba38d2362f95c7187ac0eac989670015147fe805ffae6b6169f83a303fa0486c8c331183e8bd64f64d5d0f2e5836bd339b602f937d5532c44ebf2ee161890d97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13344160627608377

MD5 fa1d726b99254bceb6881f255705762b
SHA1 f3f1fac0528e126d2a7ac032accc7e196894b219
SHA256 dc1965310f7bd1e386410be4c4faae5ccacb3ed6badfbf7df2c9f52235666d64
SHA512 fed0d5a25982d2fa913f376a8a3d284df085d5c58a0a9a41c882f06d914f60c615ea0896e1b8daa9943539aff6aa66250efa385800a86d5ceaeb566c32375c3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1379370affbb0efc9433faa8be01dbb6
SHA1 fbd6ce10c7c30190b49b8dada1c4b7cfaa7f3c84
SHA256 40fcb04d9b6f8348a28a58c7bb49b96218d8c8412ee0e41e22271d42dcaae932
SHA512 d796bd1ea20424a3b578cee3ef63b5759ad8fb68bbc1c0d9980adc65e553ae06e653242dfd7ced7013ff888556d64bf3b4c79bd64e79edec54ec5e6a59754551

\??\pipe\LOCAL\crashpad_4608_NBTMZOFPIGAUUGPK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 711fbd7a9ca854e16d3e7d1de5abaa10
SHA1 277ae0cb4c1cda77a568c02f27b633335b454cda
SHA256 85a801b3b8eb9ebcb7905500e45375c47d5118897b5cb7baa338583489f5738b
SHA512 103425b63c789a51f0e49d13f716cda2c981585a2f85a9297632d579eb2497524b25028f713582d7ba9bff2741dc747c6544ad2d4cd1413e0cfce4dcb5aa0862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 85c54514c3b345126519470dad718c0d
SHA1 626b29d06f723c9dbf93f1d4df38feb03f5b29c5
SHA256 c2b2533af43b86674f2c46a7844ede1dd89518f46cd7820f0bd9fab4f2e2b486
SHA512 17105de1cec9f48ee1db585e855342580ca8afface694e7206ee2844084d731e285a4a1b74e916f1f03a4ba949ec96c65d14d6605fae4fcf5962151ea27fe2ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 64f200e12613813c8cb3b2b9694418b9
SHA1 edab7049b899108381e645039d014cc0aee13783
SHA256 14429699bfe79892123648283c3e0d96c2d3f1a096dba75ea506d42591ea794e
SHA512 e884ab087efcd43a85fca6bea8086902cd15604a433e0d6bf7ee20b013665acde5bc6fbab021f33bf0ed59181a5936cc3d6ebb16aba1925f0b504764f5ba0d3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9831fbe2adff283966fef0849d7b77d5
SHA1 1ca7f3a2481f10adfb837dc76b7edf681d8e38b5
SHA256 472612a1fc35c45a30294619301c64f8d65dd9225a2105d92748d3ac7ae5cb7f
SHA512 64cfe9285ed05f96c5fbf658fcee46c4ee6974542f969c4ffbea3575a651a7a578583cb2395b1111bb181a94e7f0893cd1d8dfb761ae096c257f18b59503746d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 d661aeab20458531b54a2ed69db9181c
SHA1 f686a6ae9b737ba4d8cc9e3afbb6d8c2865c46e3
SHA256 660cdfa7a13ba3a07d4c4a105117421e47d351afdb5813163ea60f4ad0b18503
SHA512 43e4f5cbfe288b361cfb93d00463c9fbca0585fc9aafb09bfe365afae86119eaade3ead10bef13e61db8bd48723ef62cde6650401e2308891efabe4908fda078

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe596b05.TMP

MD5 4080d0cd89dfc9012f6627911c983cd5
SHA1 2c888db4df537d86ac695b1d30bd02dcd8239950
SHA256 bef507fd8354fbd10b438e62dfda2ab5c4e75f648c13e24bb6ba507563c4447f
SHA512 4a6472f1605949614f4292933967b0c42ed7ccd02b5ab544a3b64fea813b9bbc47a9f232d846c2b88f64ea02264e19b089b5eecd1dbd498ca495070708ef1033

memory/2832-532-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4695f1e110ba44f5c7e6a462df13f9f4
SHA1 e435d7bfa5ccb0a8703e2c9228eddcca6ee7146c
SHA256 b54fda90fe0f561e39b4b191ac7e6b504e5ed16db7ff71b417ea9aa5e79e74c8
SHA512 4b86fed48e9e4dae5f2eb82e2e0c4371004e169fd2a996374a087e00f98187525590f42870bbe95b35973f5c52281ab96fe0d72866d7a413f8b77a871e0e1b17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8a61315b-b62f-4ae7-ad34-eca2223e3986\index-dir\the-real-index

MD5 2f642d086db001db5f3f5d38f61607a1
SHA1 bce0972c7128369e907ec7f87f3536188e083acb
SHA256 726f17dea263e22da5cd09dbffe95e0f4b8e9937ba7361dbb0e030b572543f83
SHA512 ba4ae4c143ab50dd1d137122774dec88af35553f28ecb81d6dca49d4c34ac956af0ffd20a38cd7da4dc5ab5832b22d0e2ccdf2a2928cd6b528e6ef22bef470fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8a61315b-b62f-4ae7-ad34-eca2223e3986\index-dir\the-real-index~RFe59bb76.TMP

MD5 eb1110080d5038904cdd44ab7b1c2586
SHA1 5acf4cf80e0ba45450b0c740c0610c29ab1db1a1
SHA256 c51378fd9bcbc9343e9842284d0daac7900c35214a02f4514e492f4441095f07
SHA512 96fffd77595278b0dae4cd13d38a4c4312b004fd6c61f2bb907c4f902dad272d39e1473cff944707b40907aa13d9f2db8f115cb1d9cdd361451baace2581aa2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1f8adc38c92edd9a1ca20d0f291938db
SHA1 3117452d5d226d734026629d9efa0a2144025fef
SHA256 fb6f459c43388998dd53d49ddcc810722d0397869ca90cf275fd8f632840f114
SHA512 ae71252a70498c7fadafecad6f7338306d8c45bced163c43e50f8a872b1b091191ab6163cd14aa0fded222477aac5c29ce4695e5626c4c0efd5397e4a320175f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 37cd4d4afd599048b3cdd6653702ad3e
SHA1 f4b0321dfaa7dc1f34ecce3f227b6743a9adf417
SHA256 86536569dc4d03b6fccfc192e5c5bab792c2e7f349d1147ff240024a0cc1a463
SHA512 c7ad5635f14b2fbe748146153ed8a5072cc6d432ec6bf79234cf17e251addde20b687fb30f3af582d12e6dff7683be6bfe9cc84da7463abc14beba1ec7ba3b52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59ba6d.TMP

MD5 ccefa833fe602b41b50508169566a6ae
SHA1 491769300f66062ef2ff2ba3f4173f17447752a2
SHA256 fcc2c3410f477f02b918733645508e6a649069d2d2241a47f24f599e28e4ba3e
SHA512 d9e1ebd96eebf061d4698e08e4e0cc4b199e80865a9af4e1301168a7b38dca8cd4f2c9aa58efd5a70fe16a1d3f11d078e9e63ce3513f3b8d4fff0b0b7cff45c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 2b69c34da61b9379243c8faab4b79d44
SHA1 2f7da52e12cbe207768b1568f8b06b9fc60cef81
SHA256 9a52bcb2382fc60ef67365eec94d22a731c9c800e6cde72ee9356512dfcf19aa
SHA512 4629960a8a962b74307c4fda3e2639881e13d393f180224d9d884158188e927ffc0db3fa0a64754cc32fd733a380f993a53e9c2133e2eca2003be8c1eaedfa07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a2fd9fa7-195c-4231-8a29-33375cfede2a\index-dir\the-real-index~RFe5a3932.TMP

MD5 9b4551489d40907af8ca655b77f9f4e8
SHA1 f7233da16ece041ab58d071a39d82471a152249d
SHA256 45f139532923ec44c3fce0919dbe53f7df078d5a2d7951918134f41994199d7a
SHA512 e2de1db303e604a243b08b0afb6f476ec2ce8eff7469d1d102eea8f9edd7f944aa652fa0133b3d3b5ce8d5439047d0127793b55e5fa33509ff95e866c53f6566

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a2fd9fa7-195c-4231-8a29-33375cfede2a\index-dir\the-real-index

MD5 65c166deb3ea151e5f79dfa63b4d4af6
SHA1 963a198c10a619a45d747e8d72731b09d7292be7
SHA256 7fd5e2e35cdd029a23ed99eb1d3dc12f32fb2137cd293854a0703f3970c2ce62
SHA512 85dbc12498a9812b73af044eeb1c4f006ca8ec99051627c9c3fcb55dd6fe900d34b0411fdaf7fe917a850fe1912ddd4ff7545442daf0d9b84611e64ad06962c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b5ddc605d142afc3e2587503ec9637dd
SHA1 399842bc3096d350fd5a4b1dfbca63397707f427
SHA256 dab26a434c0184cfe4a36205c155520c15ae870614ab09c4b4b3230382e26bb9
SHA512 067d7377e7986769f77979d2acb290e4e501510f24f4f47a09d9cd0ef27f7ae41614209374c4e58355743cccf4aa9b3b66058131a3ee834758b8cb493b03d571

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 fd20981c7184673929dfcab50885629b
SHA1 14c2437aad662b119689008273844bac535f946c
SHA256 28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22
SHA512 b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 56f810116e6dd43b24cbc8f00016ea2b
SHA1 8e77de563d931397e4549755284b99813eb10bdd
SHA256 5a6194f6f5ae7dbb92baf5685224696770f406413b1886d0ebe2b86c66eeeb7e
SHA512 8fc6337927420bc23b18c7c9afc2eca040469d3bc95cbe8ab789bf2ab76aaac9eeb07ae0b2eb0ead38db9aa14479f49b0870b69ac1e35573cc554dfe1c0a15c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a42f6.TMP

MD5 3dbd53e95d05087964125fde0624e405
SHA1 c2f79d702aecb0bcbebd9414150673479ef60ef4
SHA256 6227e4967b25b801631c4b8da25c3f11d3590ab279d46297602acd807a167b90
SHA512 63b0141b623fca18f9cc6e0f4aa3e057c30ebd469843df9c506c7de6e99b101273e07c5166bb9cbe35fceb5e5fcc2eac2092374fe1e3154632f4eae4ad59ca3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/2832-723-0x0000000074E50000-0x0000000075600000-memory.dmp

memory/2832-767-0x00000000077A0000-0x0000000007D44000-memory.dmp

memory/2832-799-0x00000000072D0000-0x0000000007362000-memory.dmp