Malware Analysis Report

2024-12-08 01:24

Sample ID 231111-m1s7asea3x
Target NEAS.7e7ac7e61be5f361cd44ac01410a6d06080f6473ff11673648a79493db029f60.exe
SHA256 7e7ac7e61be5f361cd44ac01410a6d06080f6473ff11673648a79493db029f60
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Analysis Overview

score
10/10

SHA256

7e7ac7e61be5f361cd44ac01410a6d06080f6473ff11673648a79493db029f60

Threat Level: Known bad

The file NEAS.7e7ac7e61be5f361cd44ac01410a6d06080f6473ff11673648a79493db029f60.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

RedLine payload

Detect Mystic stealer payload

RedLine

Mystic

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:56

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:56

Reported

2023-11-11 10:59

Platform

win10v2004-20231023-en

Max time kernel

170s

Max time network

185s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.7e7ac7e61be5f361cd44ac01410a6d06080f6473ff11673648a79493db029f60.exe"

Signatures

Detect Mystic stealer payload


Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload


Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.7e7ac7e61be5f361cd44ac01410a6d06080f6473ff11673648a79493db029f60.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ge0Qf40.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jm1WK74.exe N/A

AutoIT Executable


Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3FH476Em.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3FH476Em.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1152 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.7e7ac7e61be5f361cd44ac01410a6d06080f6473ff11673648a79493db029f60.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ge0Qf40.exe
PID 1096 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ge0Qf40.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jm1WK74.exe
PID 3796 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jm1WK74.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3FH476Em.exe
PID 3612 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3FH476Em.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3FH476Em.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3FH476Em.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2988 wrote to memory of 3220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4324 wrote to memory of 3792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3FH476Em.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3FH476Em.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 916 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3FH476Em.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5096 wrote to memory of 4404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 5064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.7e7ac7e61be5f361cd44ac01410a6d06080f6473ff11673648a79493db029f60.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.7e7ac7e61be5f361cd44ac01410a6d06080f6473ff11673648a79493db029f60.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ge0Qf40.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ge0Qf40.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jm1WK74.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jm1WK74.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3FH476Em.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3FH476Em.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffec86946f8,0x7ffec8694708,0x7ffec8694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffec86946f8,0x7ffec8694708,0x7ffec8694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffec86946f8,0x7ffec8694708,0x7ffec8694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffec86946f8,0x7ffec8694708,0x7ffec8694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x7ffec86946f8,0x7ffec8694708,0x7ffec8694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffec86946f8,0x7ffec8694708,0x7ffec8694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4140792621979752683,9899642445609240071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4140792621979752683,9899642445609240071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4542348659885356326,10852353253313601983,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4542348659885356326,10852353253313601983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffec86946f8,0x7ffec8694708,0x7ffec8694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ffec86946f8,0x7ffec8694708,0x7ffec8694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11314633845491143517,1722102353268616895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffec86946f8,0x7ffec8694708,0x7ffec8694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffec86946f8,0x7ffec8694708,0x7ffec8694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Hl5VE4.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Hl5VE4.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,8007876211947430039,16158853493463241860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8007876211947430039,16158853493463241860,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9160 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5312 -ip 5312

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5VB91NM.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5VB91NM.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 208

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6wV107.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6wV107.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1476,7393584439063142360,15137666293124254238,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4528 /prefetch:2

Network

Country Destination Domain Proto

Files


C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Hl5VE4.exe

MD5 bbe1702badfb51724b16c284659e804f
SHA1 c1cebc5182ef08be1e5e43ee577f1de2cbe633be
SHA256 7353142af13656c8fb0fcee0225978041a6eba56904e1c80e8163556caeffb8a
SHA512 8f31a2021f6d17aa2380c9b4cf6b8342070c6ff7f37c0314f4d80a8bf0567bf02d2ae0fc8c4ca24440778b72a3a9f7d6a8ce8a879823583b99b57653dab0702c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7baeb6ff41148ad4fb1ad31397e948ab
SHA1 780950f490803910673ba9dd6018473f836936b0
SHA256 8819b8a4707400c9197d3c2799a12ebfe35645d68cda63b98b0a618dd79a4aba
SHA512 53837e0e41ae7cf03e83141e63da4cce615eebf85285175f9e06f019e5b67e23a361e091c77858a940b3abb2f45fc0041a93740d365a863ff97ba00dfb0daf8c

\??\pipe\LOCAL\crashpad_916_PKZFRNJGZGVQFHTW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 be04a565332a6abe150a4515ea514318
SHA1 374a9f723050c48da53fc41b7a5233acc0085906
SHA256 77ad24ae503968cc81054949636423ab2c7f4d8ac46cf4af2fc3117ff0d024c2
SHA512 434187bad4df87ae5e5172796bc8889dbc41815faed3ee8167835f0599478b55c1b2cb40d3a4c0c740cdab385c50d3c3f49c161305a64be824c5a725b42ed636

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 937a2578bed1bec6d7f92ee94cbba570
SHA1 e282a91d5b0b2f6682c1af69a68214c0634bee2f
SHA256 85394a83a58e27c369856c0722f87c811b8f8ec8a0f1f5e2dac4908b94b1bad7
SHA512 49cbfa742bb27e33dfb1ae8087a71170bc988c3cd439b9d471ee3912a391ec3cee1dc00264cd22b5e11675c284fb1c059543ba1a06b1ea4cc70b1dd335236ccc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 937a2578bed1bec6d7f92ee94cbba570
SHA1 e282a91d5b0b2f6682c1af69a68214c0634bee2f
SHA256 85394a83a58e27c369856c0722f87c811b8f8ec8a0f1f5e2dac4908b94b1bad7
SHA512 49cbfa742bb27e33dfb1ae8087a71170bc988c3cd439b9d471ee3912a391ec3cee1dc00264cd22b5e11675c284fb1c059543ba1a06b1ea4cc70b1dd335236ccc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 356f77ad8221c4a57886f7d12ebb6e34
SHA1 dcbe5b54b3e8e33f46b8e45a4df4d67061ab663b
SHA256 89a6141aac94004d8562e66bb7a08d80e0d547baf2984d89c4747900dbe40e9d
SHA512 045f10a5cc73a992ba3b3143ccac79c0761aed5320e53b5158056ef4b5e916ebfaae68818dbbbc304ef1e74dc92ae4fa954c0d4dcf32ae72066a5e2d0ef1cadd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/5312-321-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5312-324-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5312-327-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5312-325-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6460-333-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e5b8d34c8faf80201276e25f3ca64bfe
SHA1 af53df66939abde1bca9458d8d5878e8bda4ea46
SHA256 a690196ed7a95e433c7ec8f41f8b5ca3332a1313a16a54ee30725bb432e9f20a
SHA512 7f672918c954a0a58064ab8c2439e9e469175b5ba3165793c093737ac0b18c19573d64a4f64aa843c2a7a7d65ec25f5bea57fddd9533c074d02d87ea9ccffdae

memory/4152-360-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 366773e8eb77b016822c42aa5bb29cbf
SHA1 ca664adbe5a857dc7c3db6a60f918e92f8f34989
SHA256 7d3a5fc3884560956bf767fcb98c0dcf9be5c624d7a653de5c6c1151c492f992
SHA512 06b8b01f37a13dfd48e980650d91a18e66fa647d1e87c1e5cc75c20afca61e3531f6559494b09c8a52b978ffc40da8fa3b7518780d8dc666ab232d20ab2e0fab

memory/4152-393-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4152-408-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4152-410-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 490754b764b7f1f4058a28b982d8cf01
SHA1 a802c9c8863e0e6b08556d7f861e66bae9d0302d
SHA256 ec0048833896bf99fe35bdd51c6140b830939f96179a08ee554d7c68018dcc9a
SHA512 ca2b8aabb37afdf38de59cf08fbc1a44f15e2990baaa5e2da81e32dc172b76df7d0b2d717f2b863b4f49cda235d78a090675a95e499a861e968f9dc3da4e2834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a0bd8.TMP

MD5 edbd4f560ef6b064a6da546507b1197f
SHA1 9615f4ce018cd48e03e2508834e637e383aef665
SHA256 800775fd18a8f3f6dda3e4d6d5915356931a2388170b7fa09592fc045cff7ef9
SHA512 228e9a6aff8656966f3d1d006a2e13e275e2925f71421bc230ec32f1ab11c496bf3ec1d7e83ca8098cda826d5db12a57fe0ac40064f8bc49113f3e2c08542740

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 978f64c07b0013149a3997bc59910e58
SHA1 4a7954f23fcd910e9ef5653af4eb6bbcc9f32746
SHA256 6b63130fb2fa6155eee4bc77d6e7e1205409945f8eca7a5d7bbc19b02080e2fe
SHA512 750b2969e13315e66d5c41743c081c843a0a4ed32683f07b532d00d6b3d863973041d7378a061f3ec15ac1bd02b2fb60fedc865a524fd223191bc855be71ffe9