Malware Analysis Report

2025-01-02 05:26

Sample ID 231111-jktlcace4t
Target 830736afc7f1332346e80048f5860b65.exe
SHA256 a06acba515844903c5d524ea8ac8b1ea0115b1cf5c6516eabb4ecdd51934183f
Tags
mystic redline sectoprat smokeloader pixelnew2.0 taiga backdoor infostealer persistence rat stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a06acba515844903c5d524ea8ac8b1ea0115b1cf5c6516eabb4ecdd51934183f

Threat Level: Known bad

The file 830736afc7f1332346e80048f5860b65.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline sectoprat smokeloader pixelnew2.0 taiga backdoor infostealer persistence rat stealer trojan

SmokeLoader

Mystic

SectopRAT

RedLine payload

Detect Mystic stealer payload

SectopRAT payload

RedLine

Downloads MZ/PE file

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of UnmapMainImage

Checks SCSI registry key(s)

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 07:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 07:44

Reported

2023-11-11 07:47

Platform

win10v2004-20231020-en

Max time kernel

151s

Max time network

166s

Command Line

"C:\Users\Admin\AppData\Local\Temp\830736afc7f1332346e80048f5860b65.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Downloads MZ/PE file

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\830736afc7f1332346e80048f5860b65.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4908 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\830736afc7f1332346e80048f5860b65.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe
PID 4908 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\830736afc7f1332346e80048f5860b65.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe
PID 4908 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\830736afc7f1332346e80048f5860b65.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe
PID 900 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe
PID 900 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe
PID 900 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe
PID 784 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe
PID 784 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe
PID 784 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe
PID 1952 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe
PID 784 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe
PID 784 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe
PID 2728 wrote to memory of 2564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2728 wrote to memory of 2564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1816 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1816 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2540 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2540 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4156 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4156 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 2580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 2580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 2760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 2760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3624 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3624 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1760 wrote to memory of 4276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1760 wrote to memory of 4276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 1896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 1896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 5800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 5800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 5800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 5800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 5800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 5800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 5800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 5800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 5800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 5800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 5800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 5800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\830736afc7f1332346e80048f5860b65.exe

"C:\Users\Admin\AppData\Local\Temp\830736afc7f1332346e80048f5860b65.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x104,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x78,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8752578455962509612,9952218601297133046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8752578455962509612,9952218601297133046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13039252340032722116,11268856446948212776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13039252340032722116,11268856446948212776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,5932778800787539534,4015368651450567330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,5932778800787539534,4015368651450567330,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6500845574762478510,16430497279136630632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6500845574762478510,16430497279136630632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,10207109538412506291,6378198790611738433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10207109538412506291,6378198790611738433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,1089990788034583321,2183454933113581069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,1089990788034583321,2183454933113581069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,10414092632533785407,2318615342468317055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,10414092632533785407,2318615342468317055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,7102306089351498374,2543767994640806633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,7102306089351498374,2543767994640806633,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3309776994582311449,9488468884026712451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3309776994582311449,9488468884026712451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6824 -ip 6824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Iy1QD50.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Iy1QD50.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8920 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x248 0x308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8640 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9540 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1E9A.exe

C:\Users\Admin\AppData\Local\Temp\1E9A.exe

C:\Users\Admin\AppData\Local\Temp\6C5D.exe

C:\Users\Admin\AppData\Local\Temp\6C5D.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10664 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10664 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 18.210.178.3:443 www.epicgames.com tcp
US 18.210.178.3:443 www.epicgames.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 3.178.210.18.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.39.118:443 i.ytimg.com tcp
US 8.8.8.8:53 118.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
US 68.232.34.217:443 video.twimg.com tcp
US 104.244.42.133:443 t.co tcp
US 192.229.233.50:443 pbs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
US 194.49.94.72:80 tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 rr1---sn-hgn7yn7e.googlevideo.com udp
FR 74.125.11.134:443 rr1---sn-hgn7yn7e.googlevideo.com tcp
FR 74.125.11.134:443 rr1---sn-hgn7yn7e.googlevideo.com tcp
FR 74.125.11.134:443 rr1---sn-hgn7yn7e.googlevideo.com tcp
FR 74.125.11.134:443 rr1---sn-hgn7yn7e.googlevideo.com tcp
NL 142.251.39.118:443 i.ytimg.com udp
US 8.8.8.8:53 134.11.125.74.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 i3.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 74.125.11.134:443 rr1---sn-hgn7yn7e.googlevideo.com tcp
FR 74.125.11.134:443 rr1---sn-hgn7yn7e.googlevideo.com tcp
US 173.194.79.132:443 yt3.ggpht.com tcp
US 173.194.79.132:443 yt3.ggpht.com tcp
US 173.194.79.132:443 yt3.ggpht.com tcp
US 173.194.79.132:443 yt3.ggpht.com tcp
GB 216.58.208.110:443 i3.ytimg.com tcp
US 173.194.79.132:443 yt3.ggpht.com tcp
US 173.194.79.132:443 yt3.ggpht.com tcp
US 8.8.8.8:53 132.79.194.173.in-addr.arpa udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 172.217.168.202:443 jnn-pa.googleapis.com tcp
NL 172.217.168.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 202.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
US 8.8.8.8:53 rr1---sn-5hneknee.googlevideo.com udp
NL 74.125.8.70:443 rr1---sn-5hneknee.googlevideo.com tcp
NL 74.125.8.70:443 rr1---sn-5hneknee.googlevideo.com tcp
US 8.8.8.8:53 70.8.125.74.in-addr.arpa udp
NL 74.125.8.70:443 rr1---sn-5hneknee.googlevideo.com udp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 142.251.36.14:443 play.google.com udp
RU 5.42.92.190:80 5.42.92.190 tcp
US 8.8.8.8:53 fbcdn.net udp
NL 142.250.179.141:443 accounts.google.com udp
US 157.240.5.35:443 fbcdn.net tcp
NL 142.251.39.118:443 i.ytimg.com udp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 api.twitter.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 104.244.42.130:443 api.twitter.com tcp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
US 152.199.21.141:443 abs.twimg.com tcp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe

MD5 b1967fc8f24aecad32d1add6c63db103
SHA1 365d3b3a244658d4050fa3118a97e186132ae441
SHA256 85de37fd1d0dde8dcf2cbc8d185ece3d4cb82f6057e1fc7a3b22ecc3a58bc639
SHA512 fe213d35682da87024a98f6ec52f347258fc74a9d2dcc63fbc436b8f742f10499d9059abb9aa2092ab497d197aae43068000cc33567a267d8394c96e8731247d

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe

MD5 b1967fc8f24aecad32d1add6c63db103
SHA1 365d3b3a244658d4050fa3118a97e186132ae441
SHA256 85de37fd1d0dde8dcf2cbc8d185ece3d4cb82f6057e1fc7a3b22ecc3a58bc639
SHA512 fe213d35682da87024a98f6ec52f347258fc74a9d2dcc63fbc436b8f742f10499d9059abb9aa2092ab497d197aae43068000cc33567a267d8394c96e8731247d

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe

MD5 57e7c6bdd78608ccecb9fe7819bd211a
SHA1 e34764b51f66fd3b12fb06d38760946b3dab29ef
SHA256 d2fa34bd3e4cdfc50227dd78a26898466083e94047f03a12fc73fed874f04527
SHA512 08358ac4b1843c5837eebe13bf2d02a321dcc5685c80ecc6b0ed54771a87c7c7277eac0546bfe21980156f530ff2098bd111e683a3994e833892d0cd83d0e89f

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe

MD5 57e7c6bdd78608ccecb9fe7819bd211a
SHA1 e34764b51f66fd3b12fb06d38760946b3dab29ef
SHA256 d2fa34bd3e4cdfc50227dd78a26898466083e94047f03a12fc73fed874f04527
SHA512 08358ac4b1843c5837eebe13bf2d02a321dcc5685c80ecc6b0ed54771a87c7c7277eac0546bfe21980156f530ff2098bd111e683a3994e833892d0cd83d0e89f

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe

MD5 6a7153447add5af84373f60c29e49e06
SHA1 a3d3bfafb6c28baf98da0538a9683656f27d218a
SHA256 169fe6f8367438cffebcc67b309734d76416f4c548a570713e330764e4ebdd8b
SHA512 ca7ee452d180429d8a9ca38ed367d2b94e3ee33ac5e98cb0253d88b1ce7c3eadbf640c161b68854e534813c424a02367b0ded4666f9b5891109184eaed176d06

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe

MD5 6a7153447add5af84373f60c29e49e06
SHA1 a3d3bfafb6c28baf98da0538a9683656f27d218a
SHA256 169fe6f8367438cffebcc67b309734d76416f4c548a570713e330764e4ebdd8b
SHA512 ca7ee452d180429d8a9ca38ed367d2b94e3ee33ac5e98cb0253d88b1ce7c3eadbf640c161b68854e534813c424a02367b0ded4666f9b5891109184eaed176d06

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe

MD5 edf6d38652bd6de386e305a27dfee5c9
SHA1 2ccc25909c5c14539a98d257fec1cf6fed8bf775
SHA256 23d15502688bb01c2a2153dbe88e927e48f1c45478270b170955c88b1de606e2
SHA512 a6f688905b8c0cd8565b4758ca6b14c6cc2bdaf1cabd8fc1dedbfb69becfd656bf332ff63a8bbf2a9b4c1f4efccebf324d4e4927b57daf79cfc1bfe783b62333

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe

MD5 edf6d38652bd6de386e305a27dfee5c9
SHA1 2ccc25909c5c14539a98d257fec1cf6fed8bf775
SHA256 23d15502688bb01c2a2153dbe88e927e48f1c45478270b170955c88b1de606e2
SHA512 a6f688905b8c0cd8565b4758ca6b14c6cc2bdaf1cabd8fc1dedbfb69becfd656bf332ff63a8bbf2a9b4c1f4efccebf324d4e4927b57daf79cfc1bfe783b62333

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_2540_YCDRAYZMKSDOTYJU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1760_GJIBXMDICBXVGZPF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_3868_KHYVLJTDEUUNJGXE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4156_PFMNMICZTIZNPDZR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2728_RHAPJXXUKFZTTCWX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3624_ORVGUALCYTHOHFQF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1816_SNVBJVVHNLSODFSF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_1976_KZBHDNQTJPUMXCXI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2232_SZIPNMRXIDYKWGZR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_960_MMOPYRXAUHLAFYHW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/6824-139-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5869495037910cfe452b51fee391849d
SHA1 69f878f0a989aa0614c8aeb8ce99bd73cfde2305
SHA256 d2fe85e57748ed7dc157e8009855809ef73a33b90a59efdc4cd9dc918e41d673
SHA512 ba99e731e6b688922813068aae973e2484c498bc8249ee17d337a1e2fe4055adb47360c4a7fa1aec9476d5e027e4f8ef7082b44c5be2d093680d503ce713375c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 025179e29b86a7cf2371b443da25fd15
SHA1 98a3432db635f3b437ef203ed100c1beec26adf4
SHA256 2ee1f9cda76dcb04db15e2fdbf14cb2433a1e52f4ea7ea6801670d1e197c97bd
SHA512 4ee95b9b1823164f7d4219407d03a0f66c0ad18b5a2f938981617c723a6ec36922cc08e6aae9b578ca4dac1ff7c4cfa2a0bcb70997bb91f0772b88de2e65ea0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 295822104ae459c5edebbfc73719a377
SHA1 9242bb5b83db9622dcfc42f92fce5a5b6d0c34e1
SHA256 fa0a09996c3b3a87871efdeca7d3c0026264f4f9b56b084f0f61f73b2220fc08
SHA512 692bb3e10d0c4d12ec5ad2f10a82486955e8d52ab70f3d422ffe822025011917e94439f5db51b2c0a6b70e046559f8a30780f1214bc7977af09818a3e1159734

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1e108a0dc3863822be11237595cf4037
SHA1 8596aca65cb956b39ab46e8f00de55be07e40f1b
SHA256 973015cf674854ab59e5e4afba6a2cbe305563dbeab4430c5b36bcee16806666
SHA512 afe1af4a020bffcf7af624793a9c3016f2ec98c24f254bc632dc998d3537281731f295fe619ca99fd14c7ddb2720032015bd7a91aa8d13c13bfd6f7261b6e3a3

memory/6824-184-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e66d2139-32bb-4991-961a-70498ee1d1ba.tmp

MD5 485511d232de28c3fa4386e1ef9d900e
SHA1 e073bf5f441bf3aafd9158dc29a88a5ed67d73a4
SHA256 041d90f10071b4df156962f57bfe323def5c42cef312914933acd62406bc3289
SHA512 f50de2d0965510568396c82b4b705517dcfba837eabff08fd7ffab4af127382959ef3fe86fa851efae92febc52742ccd62f8daa251097ed26d2879639d29b46d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1e108a0dc3863822be11237595cf4037
SHA1 8596aca65cb956b39ab46e8f00de55be07e40f1b
SHA256 973015cf674854ab59e5e4afba6a2cbe305563dbeab4430c5b36bcee16806666
SHA512 afe1af4a020bffcf7af624793a9c3016f2ec98c24f254bc632dc998d3537281731f295fe619ca99fd14c7ddb2720032015bd7a91aa8d13c13bfd6f7261b6e3a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a4ca5b99553a0eff1cfa826a861f6991
SHA1 eb0ab12140726b1802be91f41b02d76b2804b905
SHA256 869e2908203992c3ba3a48d369fb5b512a23191482adba54bbb012062800b33d
SHA512 c309d51e4b3f2a414c841e8f35e7948e98cc5a6bb1c541fd9d0513ab24c13ae41b2d1d147d59eb99382a14a0c171e786b71ab961c3510e969671f42f98db7db5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 64e1273d3b55a73584e375b636e0829a
SHA1 01291c23f36c0f0e5749942ef7bc85743514fd34
SHA256 2bab07a40feb995576a31b28980e7dc4aab36f842c08c713dfcda0bc2a744dd8
SHA512 51fb167b22f7fd6187f6e5af4f91e5202f0e0f50632dea809a3418d83170fd96d5c35bd80fbd54417039e2c3a5a4070eacd23811339db0e500a81ae5841c2c29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 64e1273d3b55a73584e375b636e0829a
SHA1 01291c23f36c0f0e5749942ef7bc85743514fd34
SHA256 2bab07a40feb995576a31b28980e7dc4aab36f842c08c713dfcda0bc2a744dd8
SHA512 51fb167b22f7fd6187f6e5af4f91e5202f0e0f50632dea809a3418d83170fd96d5c35bd80fbd54417039e2c3a5a4070eacd23811339db0e500a81ae5841c2c29

memory/6824-207-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\58899338-096b-4657-9908-ebf54563b859.tmp

MD5 c46d023888c6a225d9821e384f8bc1de
SHA1 233d907bbd863949a804664a4431155d46752c62
SHA256 bfecfaad338feedb080d5c71aa3747c2e6f1020c4fb22deef459650b01e0d523
SHA512 46e910dbca645315200a469e9093fcffa9a218e2fb013eaec9527456fa60f7672575a485a211182bc3bc964a4e241d1d17f090c943dec230e694e82c52d06109

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a0da233d83b39ef9226f4df19ae02cee
SHA1 71b1bcf244e132fd3d34087e8fd1c6f90a5ad965
SHA256 216c66cefff4e960612a01bc135b5f00a6f3f3dd2f463e791de91ca71fc4c73f
SHA512 91d6ecbee9b68619d0e9138c57acb66f08c8c6e5af655b35c37181276f14352fe4f17543bb4d24003b48fc959d8dd3fc8020ffa1f501fcca2c58d4acff39c082

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a0da233d83b39ef9226f4df19ae02cee
SHA1 71b1bcf244e132fd3d34087e8fd1c6f90a5ad965
SHA256 216c66cefff4e960612a01bc135b5f00a6f3f3dd2f463e791de91ca71fc4c73f
SHA512 91d6ecbee9b68619d0e9138c57acb66f08c8c6e5af655b35c37181276f14352fe4f17543bb4d24003b48fc959d8dd3fc8020ffa1f501fcca2c58d4acff39c082

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 485511d232de28c3fa4386e1ef9d900e
SHA1 e073bf5f441bf3aafd9158dc29a88a5ed67d73a4
SHA256 041d90f10071b4df156962f57bfe323def5c42cef312914933acd62406bc3289
SHA512 f50de2d0965510568396c82b4b705517dcfba837eabff08fd7ffab4af127382959ef3fe86fa851efae92febc52742ccd62f8daa251097ed26d2879639d29b46d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 295822104ae459c5edebbfc73719a377
SHA1 9242bb5b83db9622dcfc42f92fce5a5b6d0c34e1
SHA256 fa0a09996c3b3a87871efdeca7d3c0026264f4f9b56b084f0f61f73b2220fc08
SHA512 692bb3e10d0c4d12ec5ad2f10a82486955e8d52ab70f3d422ffe822025011917e94439f5db51b2c0a6b70e046559f8a30780f1214bc7977af09818a3e1159734

memory/6824-178-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a4ca5b99553a0eff1cfa826a861f6991
SHA1 eb0ab12140726b1802be91f41b02d76b2804b905
SHA256 869e2908203992c3ba3a48d369fb5b512a23191482adba54bbb012062800b33d
SHA512 c309d51e4b3f2a414c841e8f35e7948e98cc5a6bb1c541fd9d0513ab24c13ae41b2d1d147d59eb99382a14a0c171e786b71ab961c3510e969671f42f98db7db5

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

memory/7908-215-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5869495037910cfe452b51fee391849d
SHA1 69f878f0a989aa0614c8aeb8ce99bd73cfde2305
SHA256 d2fe85e57748ed7dc157e8009855809ef73a33b90a59efdc4cd9dc918e41d673
SHA512 ba99e731e6b688922813068aae973e2484c498bc8249ee17d337a1e2fe4055adb47360c4a7fa1aec9476d5e027e4f8ef7082b44c5be2d093680d503ce713375c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 025179e29b86a7cf2371b443da25fd15
SHA1 98a3432db635f3b437ef203ed100c1beec26adf4
SHA256 2ee1f9cda76dcb04db15e2fdbf14cb2433a1e52f4ea7ea6801670d1e197c97bd
SHA512 4ee95b9b1823164f7d4219407d03a0f66c0ad18b5a2f938981617c723a6ec36922cc08e6aae9b578ca4dac1ff7c4cfa2a0bcb70997bb91f0772b88de2e65ea0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 438ba6e1e693712de157070cd1a1fa47
SHA1 7aebc27f66d09fd84c91f9aa6ee7f828e8047fcc
SHA256 e37aa726b954d38d5dd4c75eab83f54a24eaa9ea66cfc1b8c3f87f7827018785
SHA512 757644965dca20848a7300470657f06aef903500f8871335830ad99c5e0f792a26dadfbf2ec862a632ce01b51bc9666df848d6e0f9c1b1be122b471ff195e075

memory/3272-318-0x00000000082C0000-0x00000000082D6000-memory.dmp

memory/7908-320-0x0000000000400000-0x000000000040B000-memory.dmp

memory/9092-365-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fd623c7a07ba0b1a4ef7836c7dc1e02f
SHA1 692de71e7923ce23f787dc2183e00b9f9d6016c6
SHA256 729d515c1d4e74bca572786f88bc696e9649795c82d005fb81e21718e9ec31ee
SHA512 b65e727494eabef445ec57c9487fba6da06391a6f293c612fae3cfd7ce0fc41ab7cdf1ddebfb4fe7bb10a04ec8d0d36ad69e3f6ba697bbea4065ce6bcf7626bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c169d91043a8c04f9da103182fb51896
SHA1 7e60cdd3c2641efab8d97fb088d4a081b6df1baa
SHA256 1d1c221728e9214c08b81e0d561d9191bac02f4fc0ec8c414f3c2dac38fda088
SHA512 c4d969a84fcb488dfe0e8027ae7c1b2db422c7702e36f5a22add6f460fa6748af08c24ea704a5feb98fbd9b9db1e4c70d2a3a1bf7794b57e49179e6f0548d934

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e8521f75ebc7cf2510fc37c9d0964ce2
SHA1 cfee89b0ce473f15545e6c1eb12e3c2acca7b6c8
SHA256 8e84dda60e926e5527ea2963bfc67e8d103286e49caebb74996a02f6fc3789ba
SHA512 4b093bb54eec46c9fc529d4d5f6f2e7a7cddba9405b07580d4ba50e956e841986d21b0894eb6846f0d97172cafb69844882832ec573e1725d4398bf2f68c4092

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1c706d53e85fb5321a8396d197051531
SHA1 0d92aa8524fb1d47e7ee5d614e58a398c06141a4
SHA256 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932
SHA512 d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0d35ff61f28e9f118af385cac90e244e
SHA1 4bbc92795fdf1c616874ec51fa38d325f0eb97c8
SHA256 d11e2befd032cee1a34fbbc6db029e1c7a70df8b6e562e563d5b9930e6557980
SHA512 fddd9d676f9cff0c3b5efaf0ebc854b3797fd52943e4306fffadd77e55b808de54b586309e086fa2bc7fee6325ca9844d75f26328991275f84b2be851e8229aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 601e9e23f44ee94105f1050db56da17a
SHA1 10a993e4b8a544aebfdf2e479467bece05b01afe
SHA256 6ffd27cbc16ff1c05fe17c2532f583c4721870c34a133b05555306311cbbb01a
SHA512 b613f56fa1d9d6cef995262bf254df91819181439e838edf08c7b925fd41a27966d4c61360b8e4611d03992199055fa3f37c500add3d0efd044424a29c75668b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0893c1468aadfef67889200203d373c9
SHA1 440da33589d919d6200bc8bcc0c121ae05b6ec66
SHA256 070d0f1e09eb66999db9d127fe94583981d3d51f3afce32ad0a529269ff0cc3c
SHA512 1bb8fcad0ac6c6b878c90446082085e00599d8f1409e9ed934d507e0d47cf5cb351987e5ea7708e1e7db595eb811cf4ce7073fb97da72f24f1bb94315e02efae

memory/9092-513-0x0000000074050000-0x0000000074800000-memory.dmp

memory/9092-516-0x0000000007990000-0x0000000007F34000-memory.dmp

memory/9092-517-0x0000000007480000-0x0000000007512000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/9092-542-0x0000000007600000-0x0000000007610000-memory.dmp

memory/9092-589-0x0000000007460000-0x000000000746A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/9092-656-0x0000000008560000-0x0000000008B78000-memory.dmp

memory/9092-741-0x0000000074050000-0x0000000074800000-memory.dmp

memory/9092-746-0x0000000007600000-0x0000000007610000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e8203b4c444248d1f74e0aae8fa0404d
SHA1 8d1830862545ebd6bc25a948d4863ada854c7c3b
SHA256 41d0ae2ffb1450281c2febce4e17ff4592b04c28cc337bef3206bb071bdf8542
SHA512 c507c333248f61ad13070e708c1518361e604cb262cd1f32952141df1405c96ac91ed0e7a37919189d7d771220bb3b6ab6db8584bd80f6d88a55ffb852787837

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593649.TMP

MD5 2afd36438d3c63f4f2b7725eca523ce2
SHA1 2816a27bf3bf9db73cec31dce250cb874a84cce2
SHA256 9ce35b53c7a1178fcfef27129343edaf12101e6a1957f5507d806a2f437a4d7d
SHA512 35fccf95a684e3f55f92898e2905466a04aee45ab3a50a1586136bbc2e8bee80bdffa6ef1ea419ef6bd659f67af9dad1f79f1c834ad57c50b38686154f72c4ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593639.TMP

MD5 1a1638ad0c55919ac63b4eaa5ac844e2
SHA1 cadbb7d4bef002185959a4860f3f9452a3ed646b
SHA256 dd03c8c0e7e168663b5e29235e58623e0e3ecdc00204468f320a0006d6464a8c
SHA512 223f0b49e876a38cfb5961ca557b18fe15491b98a4ff56b581df2301ab7b0b9befc523f12316d4b5265a37f9d5932eb98677c716f586b668dfa30ad046e4a12b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 afe5ec4594ed7bd66c7d019b0ba52089
SHA1 967a43ba7e24502905a7cd09182b7590cce66e30
SHA256 d934bb940566cdda4a56469f42c27ee69b271dda238e9a352d07ff5d54059c7d
SHA512 66857cf0038e67afc23161976702bb962a03d9e3145e14b54d8115f3875c3d6b25cfd3a179bac737863245fc36298e8d43a0c42b81dc8f840d08e8a9caef4727

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e2f2c77c7693d7d5eecffabbd473e59c
SHA1 bc087d1d41c650bf43e895c9b5d3a4b728a67526
SHA256 2fcdcb8182272a13ad63a99eda2cf2c602f466dd6d9a01e1e45aa434363d9a6e
SHA512 c8c36453055f445af918297ce04c230980903761365350644d2b35cd2f28aa3160ef41c6f97612d50590be78dad6fd0431bb29b50df2807ff2393959daeee8bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7d25d2fd81645bb287c60da11a0b86f7
SHA1 0b0cae3b805323a68997c12add530a3e054ba3c0
SHA256 b6775ca810c720901a6be067305406473e45117afb66218e9bb5a2e44b700b65
SHA512 d30a7188df07fa9d20aa833d9eba4080de976dc1d9259ce88e51b33edc3c9d43d0d49cef03ed254761bd61ee81fdf771e8275c58817ca7a09400ed1dc4b515a2

memory/1848-783-0x0000000000400000-0x000000000046F000-memory.dmp

memory/1848-786-0x0000000000540000-0x000000000059A000-memory.dmp

memory/1848-807-0x0000000074050000-0x0000000074800000-memory.dmp

memory/1808-809-0x0000000000BB0000-0x0000000000BCE000-memory.dmp

memory/1808-818-0x0000000074050000-0x0000000074800000-memory.dmp

memory/1848-820-0x0000000007580000-0x0000000007590000-memory.dmp

memory/9092-824-0x0000000008050000-0x000000000815A000-memory.dmp

memory/1848-829-0x0000000007D90000-0x0000000007DA2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 21b43fa82f2c7d6d9cbd4e3b2854d2b2
SHA1 d9cc875b10310ee4599dd3ae5d30919a9ca1e132
SHA256 e57e18c6a759e66faa187ac2d4510af3c1c68b80d9d359f94e32cdfd3c3a90fa
SHA512 4d56b65d890923d944f85e646c7794e563b7ae6ca2e2796b24ec7eef5a8ad7e82b513f797387fe820bcbc0327677abb73ba412fa6214e5838cf4cb80f9f33b3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/1808-862-0x0000000005460000-0x000000000549C000-memory.dmp

memory/1808-908-0x0000000002C70000-0x0000000002C80000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 250fd17aa2dae087903efbed81d81773
SHA1 373339be1078b08ebe487d3b7fe5100911e83c78
SHA256 7818850c1abd265cead1e4461e0370977f3c32927fb094c478125b698077fb38
SHA512 d9ce13765700bd7f3aea1841b8278af7bfb6000170d495e947d56122cc5c692a69abaed137d6efaf391e54f0f57ca38b7e1dc6f5cb1e53823e4233e883cf6622

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 288efead27967b85c978069521438ff2
SHA1 e518b6156c1e0f529701ba2fbbaa16f39d760880
SHA256 a70f73bf7304bcd34f78b9b30acbf8885d924448dbadc40cf865164d20ed1459
SHA512 562032abc99283b45409b99ac171fc3987de12076bfe009b07eba1d52cb043765a6af55db1cfb9bc78cd8fab5d5302fec6650a1945636dae5159b6455574e8ee

memory/1848-975-0x0000000007F40000-0x0000000007F8C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a307fae9e489d6255ad9e3f733539064
SHA1 c6eb6064affa4bc96259164e238dc05ee6c709f3
SHA256 0d8ee93084ec0b78fde8cca46d33537b1e4ecad5de6eacb5e22fb09862a777ea
SHA512 d1c2a4d4e89efb5e1b455aa7eac2f4b3908f4e5771f4b5b406285b22870adf7a43e6b8e305ad1d2998f39eb5da35786338e059c2c0fa958bf4381a0ff09a327a

memory/1848-1001-0x0000000074050000-0x0000000074800000-memory.dmp

memory/1808-1002-0x0000000074050000-0x0000000074800000-memory.dmp

memory/1848-1003-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1808-1004-0x0000000002C70000-0x0000000002C80000-memory.dmp