Malware Analysis Report

2025-01-02 05:26

Sample ID 231111-jr5l7ace9x
Target 4409b8eea317b0a4406d70bda8ccddcf.exe
SHA256 981e42945b27742a2ef21acaeb4f0985ac83e484671e7bedd2dc071e0c4af62f
Tags
mystic redline smokeloader taiga backdoor infostealer persistence stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

981e42945b27742a2ef21acaeb4f0985ac83e484671e7bedd2dc071e0c4af62f

Threat Level: Known bad

The file 4409b8eea317b0a4406d70bda8ccddcf.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline smokeloader taiga backdoor infostealer persistence stealer trojan

Detect Mystic stealer payload

SmokeLoader

RedLine

RedLine payload

Mystic

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 07:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 07:55

Reported

2023-11-11 07:58

Platform

win10v2004-20231023-en

Max time kernel

174s

Max time network

187s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4409b8eea317b0a4406d70bda8ccddcf.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\4409b8eea317b0a4406d70bda8ccddcf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\JK4CY57.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3HX14sx.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3HX14sx.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3HX14sx.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3HX14sx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3HX14sx.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3HX14sx.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4012 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\4409b8eea317b0a4406d70bda8ccddcf.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\JK4CY57.exe
PID 4012 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\4409b8eea317b0a4406d70bda8ccddcf.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\JK4CY57.exe
PID 4012 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\4409b8eea317b0a4406d70bda8ccddcf.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\JK4CY57.exe
PID 4200 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\JK4CY57.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe
PID 4200 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\JK4CY57.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe
PID 4200 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\JK4CY57.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe
PID 2028 wrote to memory of 524 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe
PID 2028 wrote to memory of 524 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe
PID 2028 wrote to memory of 524 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe
PID 524 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 320 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 320 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 524 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 320 wrote to memory of 3272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 320 wrote to memory of 3272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 844 wrote to memory of 4948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 844 wrote to memory of 4948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3300 wrote to memory of 2876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3300 wrote to memory of 2876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 2368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 2368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 3360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 3360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1756 wrote to memory of 3832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1756 wrote to memory of 3832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3816 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3816 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4972 wrote to memory of 496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4972 wrote to memory of 496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4380 wrote to memory of 4736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4380 wrote to memory of 4736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2028 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2OR0921.exe
PID 2028 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2OR0921.exe
PID 2028 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2OR0921.exe
PID 4072 wrote to memory of 6076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 6076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 6076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 6076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 6076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 6076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 6076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 6076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 6076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 6076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 6076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 6076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4409b8eea317b0a4406d70bda8ccddcf.exe

"C:\Users\Admin\AppData\Local\Temp\4409b8eea317b0a4406d70bda8ccddcf.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\JK4CY57.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\JK4CY57.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc2b46f8,0x7ffecc2b4708,0x7ffecc2b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc2b46f8,0x7ffecc2b4708,0x7ffecc2b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc2b46f8,0x7ffecc2b4708,0x7ffecc2b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc2b46f8,0x7ffecc2b4708,0x7ffecc2b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x9c,0x170,0x7ffecc2b46f8,0x7ffecc2b4708,0x7ffecc2b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffecc2b46f8,0x7ffecc2b4708,0x7ffecc2b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc2b46f8,0x7ffecc2b4708,0x7ffecc2b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc2b46f8,0x7ffecc2b4708,0x7ffecc2b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc2b46f8,0x7ffecc2b4708,0x7ffecc2b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffecc2b46f8,0x7ffecc2b4708,0x7ffecc2b4718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2OR0921.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2OR0921.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,273747463708633226,378930540303192165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,273747463708633226,378930540303192165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,7283517453818443540,18119717943504666583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,7283517453818443540,18119717943504666583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,8052675387092838375,3441881020515710877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,5269628748687624548,1494092567681854394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9601204949174076352,12180045021987682389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5269628748687624548,1494092567681854394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8052675387092838375,3441881020515710877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5796157929245902165,17082215278505375096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9601204949174076352,12180045021987682389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17791274707382753613,7622428747363660959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11353023070077217464,5749012546508608473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17791274707382753613,7622428747363660959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,5796157929245902165,17082215278505375096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11353023070077217464,5749012546508608473,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,11476781028736626153,14564076129142604731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11476781028736626153,14564076129142604731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3HX14sx.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3HX14sx.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6856 -ip 6856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,2051465418256392323,16851375286787991413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7la9iu58.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7la9iu58.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 3.227.115.152:443 www.epicgames.com tcp
US 3.227.115.152:443 www.epicgames.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.facebook.com udp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 152.115.227.3.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 93.128.125.74.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.23.214:443 i.ytimg.com tcp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 192.229.233.50:443 pbs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 152.199.21.141:443 abs.twimg.com tcp
US 104.244.42.197:443 t.co tcp
N/A 224.0.0.251:5353 udp
US 68.232.34.217:443 video.twimg.com tcp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\JK4CY57.exe

MD5 870886dd2afc0ba3005cb93d60194367
SHA1 db9c8b01dbf9ce71fd5ba41cfdc5ac6a2d41cade
SHA256 98011567a3ac3f3eca2d6d78d1b30b281fd2abace05f15c1f63224f5048b21a8
SHA512 6b1e75ea158512ce51f82d42033006cb44d7223e56c731438977d49813671148713f615f6da0091e845bd96a7d92c96d7729b536d5497f80785879bb99684f36

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\JK4CY57.exe

MD5 870886dd2afc0ba3005cb93d60194367
SHA1 db9c8b01dbf9ce71fd5ba41cfdc5ac6a2d41cade
SHA256 98011567a3ac3f3eca2d6d78d1b30b281fd2abace05f15c1f63224f5048b21a8
SHA512 6b1e75ea158512ce51f82d42033006cb44d7223e56c731438977d49813671148713f615f6da0091e845bd96a7d92c96d7729b536d5497f80785879bb99684f36

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe

MD5 8f5beaf3303ccae8592054c4d9222e77
SHA1 33adafda234d03ad178a80ac068f252e76224320
SHA256 49db3df6393570d2293d77b17de97eab9e689d482a9ad75cc77afbea6153f99f
SHA512 221b8f278ee6b7d0ac8ade7191a162c9c9e4bb8efa263fef2d320f3c1ea7d9d3fd565838df6e5e48a6d7f7f20e92c26a998fe5fd68a33f3f3aa5ed2991735879

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cy9dE35.exe

MD5 8f5beaf3303ccae8592054c4d9222e77
SHA1 33adafda234d03ad178a80ac068f252e76224320
SHA256 49db3df6393570d2293d77b17de97eab9e689d482a9ad75cc77afbea6153f99f
SHA512 221b8f278ee6b7d0ac8ade7191a162c9c9e4bb8efa263fef2d320f3c1ea7d9d3fd565838df6e5e48a6d7f7f20e92c26a998fe5fd68a33f3f3aa5ed2991735879

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe

MD5 c5e05f5b88f2555fcc261e77bb723be2
SHA1 6fa6bacd8bef2022ae7e438f488df4af5dcc78bf
SHA256 534a4183bbd7c342296315ff92443855647aee480a36d7e1de0c9df4c6bb50d7
SHA512 559a2ba45014fbd297d7f0fd7aeda403e76f9ba71f34ae4599a6acc86acc0064e54f0c2d11916712e99ba8c2adcc3c04ef1a55a63a6cb101e4f736cd068c6e1a

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1tn16ab8.exe

MD5 c5e05f5b88f2555fcc261e77bb723be2
SHA1 6fa6bacd8bef2022ae7e438f488df4af5dcc78bf
SHA256 534a4183bbd7c342296315ff92443855647aee480a36d7e1de0c9df4c6bb50d7
SHA512 559a2ba45014fbd297d7f0fd7aeda403e76f9ba71f34ae4599a6acc86acc0064e54f0c2d11916712e99ba8c2adcc3c04ef1a55a63a6cb101e4f736cd068c6e1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2OR0921.exe

MD5 db0ccacdf6ea969b306dae7e186ae8f4
SHA1 bc5de73c34d3ebf3deaaa2b33feeedf55024b910
SHA256 ecc4203455ea6d6dd2165f9bd342d087800460d1e752bacdcc4fb7cea543a1ef
SHA512 91b05659578614b2ad072fe55a87cadbd7b7b32252f86bc3ebcab2b94c0ac826468aaca8a946e0c3a1285905a7f7b5ca2e002e28b53e13a7da4fb5bb1f7b0fd6

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2OR0921.exe

MD5 db0ccacdf6ea969b306dae7e186ae8f4
SHA1 bc5de73c34d3ebf3deaaa2b33feeedf55024b910
SHA256 ecc4203455ea6d6dd2165f9bd342d087800460d1e752bacdcc4fb7cea543a1ef
SHA512 91b05659578614b2ad072fe55a87cadbd7b7b32252f86bc3ebcab2b94c0ac826468aaca8a946e0c3a1285905a7f7b5ca2e002e28b53e13a7da4fb5bb1f7b0fd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_844_ZGYOVLDEVPGUZUDK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4972_CCBGULETFZEVRRUA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1756_PCOFUQFHSRLIKLHR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4072_SJUWPUPQXZIBFJRC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_3300_HNCISBTVBKXVLIOD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2980_OTBCCTVJMWMHGARM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4496_FKKGRKQHMKVTJFHW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3816_CXYMQZEHPWHPIZPQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

memory/6856-145-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ae437aa74381f98f1806f8b46e26bcfb
SHA1 129a3871e8ed9b086d61dcb841d9ae2a51d43f2a
SHA256 5fbe02e1c01236f732de4bb04496c2eb6940b4358439e22070d5b4ec0d1a85cd
SHA512 18b375d97fcb3285cca33a3fd7c3f8b3f7c779eed39b3b944aae310f84b640705f727b04bf2cf417ac4243d6c9d7d1993fee1211f518b6f70b88d0848ac519ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ae437aa74381f98f1806f8b46e26bcfb
SHA1 129a3871e8ed9b086d61dcb841d9ae2a51d43f2a
SHA256 5fbe02e1c01236f732de4bb04496c2eb6940b4358439e22070d5b4ec0d1a85cd
SHA512 18b375d97fcb3285cca33a3fd7c3f8b3f7c779eed39b3b944aae310f84b640705f727b04bf2cf417ac4243d6c9d7d1993fee1211f518b6f70b88d0848ac519ea

memory/6856-156-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6856-157-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6856-159-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 979b69b84da40d15d3567558ea64cef0
SHA1 536910dd448061297cd9052dee4f7f53a7e3323a
SHA256 d99907a3530c149dd276d718d150ba24943c13956009900a057009e7f8708408
SHA512 2254401d35459cc1d26ec6826b1d65b4e796926238642d2aba2386b70ffd6f0a913e9bbf484c9035b896b7f1dcf19542a132e4b86a041180037fd1c335a1fd78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fe2d6ac5996af71bedc9e8736fe52be6
SHA1 a25113c57e7f38a66e2bca0cf61242c511b84cbb
SHA256 6aee1f04ec49e2d2599523d18ef6d460140b7c107ff0d91726446535277a7bc7
SHA512 8a15b8727853c474696a8ac90d67d0c730699aa1b538555a22ed7b7344e2d52dd2eb7e6b2018488782e7c28be1959ffc9a694f0acefe592b7fd08c1d2e469db4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fe2d6ac5996af71bedc9e8736fe52be6
SHA1 a25113c57e7f38a66e2bca0cf61242c511b84cbb
SHA256 6aee1f04ec49e2d2599523d18ef6d460140b7c107ff0d91726446535277a7bc7
SHA512 8a15b8727853c474696a8ac90d67d0c730699aa1b538555a22ed7b7344e2d52dd2eb7e6b2018488782e7c28be1959ffc9a694f0acefe592b7fd08c1d2e469db4

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3HX14sx.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

memory/5896-206-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 979b69b84da40d15d3567558ea64cef0
SHA1 536910dd448061297cd9052dee4f7f53a7e3323a
SHA256 d99907a3530c149dd276d718d150ba24943c13956009900a057009e7f8708408
SHA512 2254401d35459cc1d26ec6826b1d65b4e796926238642d2aba2386b70ffd6f0a913e9bbf484c9035b896b7f1dcf19542a132e4b86a041180037fd1c335a1fd78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a5cb0b11b2e1b7f0eb3fa45c3b4765f5
SHA1 501120e6cf87369d7b8b9f987722108ddd335f09
SHA256 6ba567cc99293f1d26e6c6483590e99d13283dc0034e235f107b527c45dd1a99
SHA512 db9122d49f59fb439764e9c58f576875c6958327dd624fca98a7a62e64591fe140db5e6f03ac97ea972e91821561d84348bca6a2c5edc31464715a03759c09bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ca931564c4423aa7cebeded6653bb7c3
SHA1 9954c98fa418ca269b23b7c89de514f46e5c26b4
SHA256 86de9b4e5aab22bdf7e542fa6d0519a89e6338d88f45e101ad3c3af3f9fb6a70
SHA512 f88d794d5048218cac1bb682dfd4cee78f1e2da0a1e906881801f967176ddf1a61cf9c5272b0db5835df8d4f0e1975d59ca526afe6bc4cfc10e7e076e2ef6436

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0ba1ec7e62ddfb667072c314c2eadd41
SHA1 8f346cc053be5c429fb3ec0a70227a6faaf37c46
SHA256 85ba1d1aaebbca0b6d07e9f49f781b4ff58fcc7c9ef51c1cc58d47d47f0928c6
SHA512 feb672b668f6b5b7c757d1d7d5ee1644395ca18f12b952edfc604d451bf97c36953c8bffa43c068f9e06bfad3ab06d0a03130a2a7d0a38c8755c50a968c91012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0ba1ec7e62ddfb667072c314c2eadd41
SHA1 8f346cc053be5c429fb3ec0a70227a6faaf37c46
SHA256 85ba1d1aaebbca0b6d07e9f49f781b4ff58fcc7c9ef51c1cc58d47d47f0928c6
SHA512 feb672b668f6b5b7c757d1d7d5ee1644395ca18f12b952edfc604d451bf97c36953c8bffa43c068f9e06bfad3ab06d0a03130a2a7d0a38c8755c50a968c91012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a5cb0b11b2e1b7f0eb3fa45c3b4765f5
SHA1 501120e6cf87369d7b8b9f987722108ddd335f09
SHA256 6ba567cc99293f1d26e6c6483590e99d13283dc0034e235f107b527c45dd1a99
SHA512 db9122d49f59fb439764e9c58f576875c6958327dd624fca98a7a62e64591fe140db5e6f03ac97ea972e91821561d84348bca6a2c5edc31464715a03759c09bc

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3HX14sx.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aa9c73f6faac91d28c2ef8cb09720f40
SHA1 56085f3f928ec3da57f3f90a6b0c709e15749e81
SHA256 f04cf49f90c8fc51f7787b7f1e14aea3037eb2262f3df071956a29489d554fda
SHA512 6e4141a811d0a43d807ec8dc7fed48b8af1273bb5a77c062ec483f08c55a4cdc3d081ec451af351e499d9743822f48f9b4baac3807f6dba6ab665728aa7f1094

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ca931564c4423aa7cebeded6653bb7c3
SHA1 9954c98fa418ca269b23b7c89de514f46e5c26b4
SHA256 86de9b4e5aab22bdf7e542fa6d0519a89e6338d88f45e101ad3c3af3f9fb6a70
SHA512 f88d794d5048218cac1bb682dfd4cee78f1e2da0a1e906881801f967176ddf1a61cf9c5272b0db5835df8d4f0e1975d59ca526afe6bc4cfc10e7e076e2ef6436

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aa9c73f6faac91d28c2ef8cb09720f40
SHA1 56085f3f928ec3da57f3f90a6b0c709e15749e81
SHA256 f04cf49f90c8fc51f7787b7f1e14aea3037eb2262f3df071956a29489d554fda
SHA512 6e4141a811d0a43d807ec8dc7fed48b8af1273bb5a77c062ec483f08c55a4cdc3d081ec451af351e499d9743822f48f9b4baac3807f6dba6ab665728aa7f1094

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 726a57b55e7f1bea36d597706104783b
SHA1 c8370a2fe9dc6453f976667a5e8ff9b7a834529d
SHA256 bbd29933013e8e36515cfcac24233c06628ec3202792fa134e3849aa2a298cc2
SHA512 7d41ee13c9fd2c575f03ecee3200e78227d704cfa4416c5941e668173409162ceafb8431a53b87754c658ed8ca17009e449c31c5ecd4312d2661ec51fd6eb2ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 726a57b55e7f1bea36d597706104783b
SHA1 c8370a2fe9dc6453f976667a5e8ff9b7a834529d
SHA256 bbd29933013e8e36515cfcac24233c06628ec3202792fa134e3849aa2a298cc2
SHA512 7d41ee13c9fd2c575f03ecee3200e78227d704cfa4416c5941e668173409162ceafb8431a53b87754c658ed8ca17009e449c31c5ecd4312d2661ec51fd6eb2ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bd3ab719-4edd-4311-9507-33d6201d70ee.tmp

MD5 043e46e78e9008924d1cb54319a11dae
SHA1 b3cf568f4e8d4f5a72336e1a40b7655e11846cf8
SHA256 532264a14085ac8982169a913c225a884326a9a1999604819f40a65fba83ce69
SHA512 efd0a6e3f160aafd80e73e2ca83e462a9f00a5a33016bb119a45c39dac5ebff42c54d1cc255227c1b41db1b2d48bc24584b9e727a2cd6f199bf37048a1321f65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 704cfe7a6fe70f17658649ffc01c2c1a
SHA1 66a71301c404d4cf30c34cacc23a012b98e9a137
SHA256 cd4144711b4ed6b2b9bf389235b1b44bc5c018be25f26e846b0be9038df50d27
SHA512 88667f38ef81ef8e948d6760702f0b3a3b52ab0091e086bc5f9ad65d8c34f3ed7266aac62e896a2d037c059e151805d40c5c34950c9891278642375bb7cb09c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a78d67d29c5e134f6442122cd04dc56c
SHA1 a47aba3d399e5267b83f2b8564123dac2c2a6593
SHA256 ab80adbaabb26e8e8bc3a78fda32e13133970337d25a5f27bd19d8b7b23ed3f5
SHA512 19b1865071b2b1f9e091298c755511892d9321d6665b10a6398810f6c79b81815ecae61e52fb3731e94a6fb7d12b3e104c5a9b3c8cd377e14a13680f7f585a4e

memory/3264-396-0x0000000002F10000-0x0000000002F26000-memory.dmp

memory/5896-399-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f4318979fd4713a2a3f5c3200df2da6f
SHA1 eddcb177a0ad84464f4393c953af29fc3efe5915
SHA256 25e0a12b1403ac389085a58d06c90f4a7d5d85e872fae15913daf6c8db196303
SHA512 49d2e1488cec126b0f799c5c58e5405461fab965c296e64da4c84708c6d1285c251506b0038619c7f4ab8998a1456ea13fcc0ba30e363c7da788bcf28437f9b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d5066892321538915e1e362e9c9bda5e
SHA1 05a36f8b473f20e7a89a63d23303b0a9eae8c48d
SHA256 1c39e0e1588fda224141c77ccfe12b2f0fb789746208003eb83e0eab317743e8
SHA512 cf7676b2d4e255c1ff52176f332db22427300df9afd827f50b41ae53dc4ce9aa2e8bbf85d657069971a346868bcc75ee27b980d3839bd512d5288e5f21fe2e6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

memory/1300-452-0x0000000000400000-0x000000000043C000-memory.dmp