Malware Analysis Report

2025-01-02 05:31

Sample ID 231111-l7663aeb75
Target NEAS.df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae.exe
SHA256 df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae

Threat Level: Known bad

The file NEAS.df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

Mystic

Detect Mystic stealer payload

RedLine payload

RedLine

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:11

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:11

Reported

2023-11-11 10:14

Platform

win10v2004-20231023-en

Max time kernel

174s

Max time network

191s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3084 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe
PID 3084 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe
PID 3084 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe
PID 4580 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe
PID 4580 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe
PID 4580 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe
PID 1996 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 344 wrote to memory of 4112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 344 wrote to memory of 4112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3096 wrote to memory of 3272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3096 wrote to memory of 3272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3536 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3536 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3652 wrote to memory of 3472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3652 wrote to memory of 3472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4768 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4768 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5092 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5092 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 224 wrote to memory of 4516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 224 wrote to memory of 4516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 5356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1996 wrote to memory of 5356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5356 wrote to memory of 5404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5356 wrote to memory of 5404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4580 wrote to memory of 5548 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2TW6263.exe
PID 4580 wrote to memory of 5548 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2TW6263.exe
PID 4580 wrote to memory of 5548 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2TW6263.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x154,0x16c,0x7fff4c8e46f8,0x7fff4c8e4708,0x7fff4c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x168,0x16c,0x144,0x170,0x7fff4c8e46f8,0x7fff4c8e4708,0x7fff4c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff4c8e46f8,0x7fff4c8e4708,0x7fff4c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff4c8e46f8,0x7fff4c8e4708,0x7fff4c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff4c8e46f8,0x7fff4c8e4708,0x7fff4c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff4c8e46f8,0x7fff4c8e4708,0x7fff4c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff4c8e46f8,0x7fff4c8e4708,0x7fff4c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fff4c8e46f8,0x7fff4c8e4708,0x7fff4c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff4c8e46f8,0x7fff4c8e4708,0x7fff4c8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff4c8e46f8,0x7fff4c8e4708,0x7fff4c8e4718

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2TW6263.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2TW6263.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,11766641459276861748,15221363347013421936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,11766641459276861748,15221363347013421936,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16877333086348703528,9892118290692281642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16877333086348703528,9892118290692281642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1237757015705789853,3593799558905026842,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10572797694836118814,3023538968828500836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10572797694836118814,3023538968828500836,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,5899740281663293123,12781613887751722101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,336477175207142301,5260456074685550025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5899740281663293123,12781613887751722101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,336477175207142301,5260456074685550025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9881694965855495061,10652061262642801064,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1237757015705789853,3593799558905026842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9881694965855495061,10652061262642801064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11422879974487876781,2721783569215706118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,10453759365268751719,9775887589165646684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10453759365268751719,9775887589165646684,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2668646887192345970,298633457088266141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3oJ78sj.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3oJ78sj.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3996 -ip 3996

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,10453759365268751719,9775887589165646684,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10453759365268751719,9775887589165646684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10453759365268751719,9775887589165646684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10453759365268751719,9775887589165646684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10453759365268751719,9775887589165646684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10453759365268751719,9775887589165646684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10453759365268751719,9775887589165646684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10453759365268751719,9775887589165646684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10453759365268751719,9775887589165646684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10453759365268751719,9775887589165646684,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5212 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 twitter.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 107.23.147.12:443 www.epicgames.com tcp
US 107.23.147.12:443 www.epicgames.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 12.147.23.107.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 65.252.72.23.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
RU 5.42.92.51:19057 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe

MD5 510cad3e6b4fe69c9014f9f44fcdab31
SHA1 69f205e4adc63e6a4f3ab3097762ece8098df550
SHA256 c0a87bfa0e84770e883a6bce042bb51a548af40759099aefcf5843ccd8938935
SHA512 c5414f2c54afb82e47f8e3295c159f52ce3c34fc83df567f629e67aaa52f5c4af51dbf74b699c41c1a574c874cd0fedab1df200b978f230895d478c39545d0b1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DB3VT84.exe

MD5 510cad3e6b4fe69c9014f9f44fcdab31
SHA1 69f205e4adc63e6a4f3ab3097762ece8098df550
SHA256 c0a87bfa0e84770e883a6bce042bb51a548af40759099aefcf5843ccd8938935
SHA512 c5414f2c54afb82e47f8e3295c159f52ce3c34fc83df567f629e67aaa52f5c4af51dbf74b699c41c1a574c874cd0fedab1df200b978f230895d478c39545d0b1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe

MD5 73b254ad3bd4b002ba418e0f7a7f97e9
SHA1 3c65b926a23cddb3fe69fbc83bf8f67c32864b95
SHA256 effcdf5ab3f5e45356504870afd0a84115dd36e4c37832c53c92bfe6dfa3477d
SHA512 aa5e566aa8f958b3b36bb8f18b97ec067058171148375b5d308e3aec00b8fd639d774046e967a68362a9f78a65b65937670c89e4c2126b3d277877321056675b

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xv00Bc4.exe

MD5 73b254ad3bd4b002ba418e0f7a7f97e9
SHA1 3c65b926a23cddb3fe69fbc83bf8f67c32864b95
SHA256 effcdf5ab3f5e45356504870afd0a84115dd36e4c37832c53c92bfe6dfa3477d
SHA512 aa5e566aa8f958b3b36bb8f18b97ec067058171148375b5d308e3aec00b8fd639d774046e967a68362a9f78a65b65937670c89e4c2126b3d277877321056675b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2TW6263.exe

MD5 bbe1702badfb51724b16c284659e804f
SHA1 c1cebc5182ef08be1e5e43ee577f1de2cbe633be
SHA256 7353142af13656c8fb0fcee0225978041a6eba56904e1c80e8163556caeffb8a
SHA512 8f31a2021f6d17aa2380c9b4cf6b8342070c6ff7f37c0314f4d80a8bf0567bf02d2ae0fc8c4ca24440778b72a3a9f7d6a8ce8a879823583b99b57653dab0702c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

\??\pipe\LOCAL\crashpad_2032_GJEUHERPROXKVCAX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_344_QQVFGYGBUYWOVVJY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3652_DMSCMTWTDAGXVJFX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3124_OVXIJDSQAGJATTLU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

\??\pipe\LOCAL\crashpad_3536_LKPBCVFFTBIUGNIE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4768_VMHZTYXRIKTPMWOQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_5092_HXQLBPITEFSWCCNN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3096_XFMFAUXOLXPFEQRI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2TW6263.exe

MD5 bbe1702badfb51724b16c284659e804f
SHA1 c1cebc5182ef08be1e5e43ee577f1de2cbe633be
SHA256 7353142af13656c8fb0fcee0225978041a6eba56904e1c80e8163556caeffb8a
SHA512 8f31a2021f6d17aa2380c9b4cf6b8342070c6ff7f37c0314f4d80a8bf0567bf02d2ae0fc8c4ca24440778b72a3a9f7d6a8ce8a879823583b99b57653dab0702c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c87e216b6fb70e3cf16a9f0d1f6a7a19
SHA1 fcde0d095d9a6c42a8baa1d1f2850675e9d7045b
SHA256 72989238d494341c17a4220d01d09c1772346b3a6f861f8c674bb0ee4155937d
SHA512 5b529dc5c739feeaba8b9416fb176a34dee3c7e57a20fae77cb525238e5a1a901be84af95c82ef02d7d6dd5396701af4bef64ec8e746154996287eef6a16316f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a7ddef3a6b64d779ee94d9fca3e0e5a6
SHA1 f51613f7992fafa1727b396003f7b8903bbb6cc1
SHA256 e68cb403735616561fd86c859fba863bc093c08382e97ae98259b6c61d9f9c51
SHA512 bfff7fa6285a0138efa0675b8b3709394b95a9cf22bdef037f079726a224290811dfb812b42f4c080cebcb7b49a7fb3ec00e12307604cd1352a39600413bc9c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4466af1361a57405bb969da9bd21d12b
SHA1 9632f6be13860ea78f2b4a71080488329053b2ab
SHA256 7d006919eb398c50f7c212f38ba4e1c66833d152b081a4ab4a90e77e2806f5ed
SHA512 56f763ecdce4d554073a0392ec731b442d1335e78c1ec37bba24e2a067e29df6ed5cb4882710ab190ea2d4e895110271a314861b24e28b707779cc73e0a71d88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1826bff9-582e-474f-a8ef-9ad32f1f07f0.tmp

MD5 4466af1361a57405bb969da9bd21d12b
SHA1 9632f6be13860ea78f2b4a71080488329053b2ab
SHA256 7d006919eb398c50f7c212f38ba4e1c66833d152b081a4ab4a90e77e2806f5ed
SHA512 56f763ecdce4d554073a0392ec731b442d1335e78c1ec37bba24e2a067e29df6ed5cb4882710ab190ea2d4e895110271a314861b24e28b707779cc73e0a71d88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6fd02dd4e36c170c51d0b42f19185587
SHA1 335c647f51cf39c7a31ae35b562dbd5521672b9e
SHA256 255722b83e4b7c84a83201d44b6b65846ec4024bcb4a848bfa21101bf4bbbd33
SHA512 b7605166ed40eec47e80a0c1231fb3e60d035e48a8f65aa68f9f4d6a8d16b8f6b9e436f210128a93b97ca1118cfb1d7d3af5fb8ea73f252e6f6a11505c2f5ca9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bcfc9fae-a250-4908-a85b-6a4ddf4e225d.tmp

MD5 036d9905a779fa8452a5eee11cda0f8a
SHA1 104651c8aa79dcb6f2e4d75bcae1b2eeaef9dbec
SHA256 2433c5ea68298991b77c8a27ee94de804bf82510140749cd1e66ee0428b0f9e3
SHA512 598f95e0163269434314d57e8842ab949b513834d116b33df75bb2d25862c440adfb22a23aa42aaec76e98503b1d6993150b94f9e40070c9ae7f572657145419

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17915a6fe52bdfd4193de93395ed8610
SHA1 2cfee4df0f1a4662979b83e6c1cab037690d6f32
SHA256 1a99fb36f0e47ca04c700a92eadc3813965f50c4356e23ce8b5d904c29e98c0c
SHA512 9a26aced0ae9a6aea0b5970c1d0c1780d89ad4ec29e1d9c77c38435ab85049756d1ac5a7c14c547f1a23a955cc51c2c9658cc74dac15bbee27980b557454fb04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a07e11b34631a03be0d8097d322d3e6f
SHA1 51b7e98ec1e6226dc48c3cf3df1b556e05560764
SHA256 f150d419e542ecfe0796503068e69b883a591171fe046887f9affc602cbae3c9
SHA512 efee0720cec54f990375c770fd0569c30817c1116c4c6fb671c03b2a732e8cb90b4b9f40de73a33b2c6b5b2b3ad1f85ef3b88495303250661f5221f169a38b34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17915a6fe52bdfd4193de93395ed8610
SHA1 2cfee4df0f1a4662979b83e6c1cab037690d6f32
SHA256 1a99fb36f0e47ca04c700a92eadc3813965f50c4356e23ce8b5d904c29e98c0c
SHA512 9a26aced0ae9a6aea0b5970c1d0c1780d89ad4ec29e1d9c77c38435ab85049756d1ac5a7c14c547f1a23a955cc51c2c9658cc74dac15bbee27980b557454fb04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1d7b491e-86f9-483e-b324-9dbfcdd190a8.tmp

MD5 a07e11b34631a03be0d8097d322d3e6f
SHA1 51b7e98ec1e6226dc48c3cf3df1b556e05560764
SHA256 f150d419e542ecfe0796503068e69b883a591171fe046887f9affc602cbae3c9
SHA512 efee0720cec54f990375c770fd0569c30817c1116c4c6fb671c03b2a732e8cb90b4b9f40de73a33b2c6b5b2b3ad1f85ef3b88495303250661f5221f169a38b34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6fd02dd4e36c170c51d0b42f19185587
SHA1 335c647f51cf39c7a31ae35b562dbd5521672b9e
SHA256 255722b83e4b7c84a83201d44b6b65846ec4024bcb4a848bfa21101bf4bbbd33
SHA512 b7605166ed40eec47e80a0c1231fb3e60d035e48a8f65aa68f9f4d6a8d16b8f6b9e436f210128a93b97ca1118cfb1d7d3af5fb8ea73f252e6f6a11505c2f5ca9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a7ddef3a6b64d779ee94d9fca3e0e5a6
SHA1 f51613f7992fafa1727b396003f7b8903bbb6cc1
SHA256 e68cb403735616561fd86c859fba863bc093c08382e97ae98259b6c61d9f9c51
SHA512 bfff7fa6285a0138efa0675b8b3709394b95a9cf22bdef037f079726a224290811dfb812b42f4c080cebcb7b49a7fb3ec00e12307604cd1352a39600413bc9c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c87e216b6fb70e3cf16a9f0d1f6a7a19
SHA1 fcde0d095d9a6c42a8baa1d1f2850675e9d7045b
SHA256 72989238d494341c17a4220d01d09c1772346b3a6f861f8c674bb0ee4155937d
SHA512 5b529dc5c739feeaba8b9416fb176a34dee3c7e57a20fae77cb525238e5a1a901be84af95c82ef02d7d6dd5396701af4bef64ec8e746154996287eef6a16316f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7d788f8187367f5799339a64a1b003fd
SHA1 8e82e88d6d6fe5cc8c4636ddc107fb226cfddf28
SHA256 52a0143d077f529ddca93fdbc8ca9f8fc607bc9ebf29053f828c8d5e92f75cc8
SHA512 f57011c720225bac9640ae774b2445caaa026c171fc5c63b36c2a29d99340988bea938ddc489ad03bdc45a6fb67fd52154155185bbdf6d4569c4274bcc99ad58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7d788f8187367f5799339a64a1b003fd
SHA1 8e82e88d6d6fe5cc8c4636ddc107fb226cfddf28
SHA256 52a0143d077f529ddca93fdbc8ca9f8fc607bc9ebf29053f828c8d5e92f75cc8
SHA512 f57011c720225bac9640ae774b2445caaa026c171fc5c63b36c2a29d99340988bea938ddc489ad03bdc45a6fb67fd52154155185bbdf6d4569c4274bcc99ad58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 036d9905a779fa8452a5eee11cda0f8a
SHA1 104651c8aa79dcb6f2e4d75bcae1b2eeaef9dbec
SHA256 2433c5ea68298991b77c8a27ee94de804bf82510140749cd1e66ee0428b0f9e3
SHA512 598f95e0163269434314d57e8842ab949b513834d116b33df75bb2d25862c440adfb22a23aa42aaec76e98503b1d6993150b94f9e40070c9ae7f572657145419

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a7ddef3a6b64d779ee94d9fca3e0e5a6
SHA1 f51613f7992fafa1727b396003f7b8903bbb6cc1
SHA256 e68cb403735616561fd86c859fba863bc093c08382e97ae98259b6c61d9f9c51
SHA512 bfff7fa6285a0138efa0675b8b3709394b95a9cf22bdef037f079726a224290811dfb812b42f4c080cebcb7b49a7fb3ec00e12307604cd1352a39600413bc9c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a07e11b34631a03be0d8097d322d3e6f
SHA1 51b7e98ec1e6226dc48c3cf3df1b556e05560764
SHA256 f150d419e542ecfe0796503068e69b883a591171fe046887f9affc602cbae3c9
SHA512 efee0720cec54f990375c770fd0569c30817c1116c4c6fb671c03b2a732e8cb90b4b9f40de73a33b2c6b5b2b3ad1f85ef3b88495303250661f5221f169a38b34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17915a6fe52bdfd4193de93395ed8610
SHA1 2cfee4df0f1a4662979b83e6c1cab037690d6f32
SHA256 1a99fb36f0e47ca04c700a92eadc3813965f50c4356e23ce8b5d904c29e98c0c
SHA512 9a26aced0ae9a6aea0b5970c1d0c1780d89ad4ec29e1d9c77c38435ab85049756d1ac5a7c14c547f1a23a955cc51c2c9658cc74dac15bbee27980b557454fb04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6fd02dd4e36c170c51d0b42f19185587
SHA1 335c647f51cf39c7a31ae35b562dbd5521672b9e
SHA256 255722b83e4b7c84a83201d44b6b65846ec4024bcb4a848bfa21101bf4bbbd33
SHA512 b7605166ed40eec47e80a0c1231fb3e60d035e48a8f65aa68f9f4d6a8d16b8f6b9e436f210128a93b97ca1118cfb1d7d3af5fb8ea73f252e6f6a11505c2f5ca9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c87e216b6fb70e3cf16a9f0d1f6a7a19
SHA1 fcde0d095d9a6c42a8baa1d1f2850675e9d7045b
SHA256 72989238d494341c17a4220d01d09c1772346b3a6f861f8c674bb0ee4155937d
SHA512 5b529dc5c739feeaba8b9416fb176a34dee3c7e57a20fae77cb525238e5a1a901be84af95c82ef02d7d6dd5396701af4bef64ec8e746154996287eef6a16316f

memory/3996-330-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3996-331-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3996-332-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3996-334-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3352-344-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0ff6d1269177398ff3f8d7de606a1d91
SHA1 3f23ee84a75a8e7cfd64dd794a6296ed65a7d913
SHA256 bb6a02d991f001211bd19c1da8fd7a286ab822088afe096058f814b0a7099c7b
SHA512 d7f71fbd866e7e77d232208076cc91a3e166830191049307abb9b4f95e931794c697374f8a8471fc9e0554a5ad0e3bf01fe0ea7c44146e1e4c3f383798a225b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d068e9e7ceb699af1cd3711db8192a7d
SHA1 10569f2b863bbddec45062bc6a758a946e95fec1
SHA256 5e43452aa52d00f9f1b3aa984204c4450c6e241a205ad9a834404d319921a055
SHA512 e91577177f420b53f7d1bf7bcf3115da1e841f63431e2c06e5b1da9a6c826dbf5a49e39eddfacb60cdbd8fe9401166c8bd104b07abf037454df155bb2dde1cde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ea0b23bc463eed450db56ccdef63455e
SHA1 c3ae2aeeb78c8a9864780f0f2f05c5e43b6d8382
SHA256 1079c67c581f57bd43862204c73189e79f6abe0e8febef9fcc2c0cb094129bf7
SHA512 c70e11e22e3843eeb33fb4417377d4a9c34075abdbf86be6084904db16ca41024291454bcdba712c6a66e34106dabc6e56c91b0d3ba7ab3782e552c06981d2e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3a61cb2a843bf73a32bbf0b599195898
SHA1 b1816eeb33c9628df7022991e5054c6de0f148ce
SHA256 0480e6875220df1e52d9e962d90945ad5ce440902623ea97cb4b1ba0ceb7d3eb
SHA512 978d72f33b8e4b6cf48b45c0449d3e600a0e9a0a53819f9a8beadf8a51a01b0daf5da253eec96b90e414609c9c26a6c0a28dd7871d4c9de0146ad9ce8a3098b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 918ecd7940dcab6b9f4b8bdd4d3772b2
SHA1 7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4
SHA256 3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175
SHA512 c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e372105b0dacfdd017732c48ec92ae3d
SHA1 0ee2dc426dbf25dc0ec878cfcb0ea919ccb609e9
SHA256 dc8ac04190e892a3db726270dc9ff46d0e336b2dcf471de1177ad8c1a5d127d0
SHA512 74412241dd8acfcebe402b030ab3ff6a6f4a99b089824f99d2e8a4ea25bfa8fdb0212333bdff5d62d385f52dd6717ebbd581931f481e23b8f8cdc2851ac6b8a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7748b009df54b802186249d8341d0037
SHA1 f58c0e6b890e06c5625d6f15cf93e342e1db21f2
SHA256 daf4be435bc2f9f725b8d909be1ffec6c7306567d1dbad336b92506fa53e7bb9
SHA512 0fda4167eb56ad88e4976e4f5e01706149cf06292f13863c59ba58e84b26b2491f415b2be81130392e8d97277d54b1b7d59e5b027fe12808d1aa38374394639c

memory/3352-434-0x0000000073E50000-0x0000000074600000-memory.dmp

memory/3352-435-0x0000000007A40000-0x0000000007FE4000-memory.dmp

memory/3352-436-0x0000000007530000-0x00000000075C2000-memory.dmp

memory/3352-437-0x00000000076C0000-0x00000000076D0000-memory.dmp

memory/3352-438-0x0000000007490000-0x000000000749A000-memory.dmp

memory/3352-439-0x0000000008610000-0x0000000008C28000-memory.dmp

memory/3352-440-0x0000000007850000-0x000000000795A000-memory.dmp

memory/3352-441-0x0000000007700000-0x0000000007712000-memory.dmp

memory/3352-442-0x0000000007760000-0x000000000779C000-memory.dmp

memory/3352-443-0x00000000077A0000-0x00000000077EC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cc468668ac4fffaf9a5c67b378dc1601
SHA1 d4f55c5f70539030d660955ed3aaddb09d2f32bc
SHA256 220109a5d5820b6e20af9d9879ff24e2b7b144cb35ea3af4a46c2d2cbe355518
SHA512 5135fb7b9ed647e82546f95638a5334f1cffc1d1da5e1675d9dc527f02156c2d29cde1c14b3256dd7fdbbf68bc14ad96bfeed8f4b60fb82e70185d75f73f01ea

memory/3352-449-0x0000000073E50000-0x0000000074600000-memory.dmp

memory/3352-450-0x00000000076C0000-0x00000000076D0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1b45573618389ad12b38d674e5bea0fc
SHA1 4142d0919ffe8465369c3d0a8d9d5c3232af7b4a
SHA256 93dd052baa5a74fd8e23865395d305883277a928cb3c4b98a58a8891743235be
SHA512 28e89e04239f59e3565554a7339bea820119dbb7845abd07d968201e8a752b9ee8ff89fa31579b15e85778a346fa5d7aadbe2f79639d2c05c73cf988babb967b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59fe1d.TMP

MD5 f7ccc37961bed29194101b620ecac0fd
SHA1 7a0da195af782c8f1fddf98001c04bb705a8d748
SHA256 7843dc71200adaa3deef4f6fc17e796c50e25604306fd2efd54f0d71481c5836
SHA512 0c2f8bc248bc2e38809d052f424376f8a45c2c08944e1024f8f615ca9f527bfcb899f30b7d7fed35b5f45a5fc26d321bce0e334efaf95b171dc2b6aec0d7b9d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 79181298c11f3a8e7dcd0ce4ddd59de1
SHA1 c27aba75fc55d8ef4f3d9a4892aab3871de8aa18
SHA256 568c6716f9fd323dfc774729611e0cbca60aa3c2639fa5fa0fc710a94da8c992
SHA512 f3f4a43724a87be2233b97c2a9d5edcf14069aac18c3510a89b045fc1f643b161340d8339e9dd660358941e1a11ed792ded777337d28cfdef1c495805bcbc92c