Malware Analysis Report

2024-12-08 01:11

Sample ID 231111-mh9fkade6z
Target NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe
SHA256 0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201

Threat Level: Known bad

The file NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

Mystic

RedLine

RedLine payload

Detect Mystic stealer payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Detected potential entity reuse from brand paypal.

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:29

Reported

2023-11-11 10:31

Platform

win10v2004-20231023-en

Max time kernel

162s

Max time network

170s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1388 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe
PID 1388 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe
PID 1388 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe
PID 4920 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe
PID 4920 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe
PID 4920 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe
PID 2836 wrote to memory of 4440 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4440 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe
PID 4920 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe
PID 4920 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe
PID 1648 wrote to memory of 4288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1648 wrote to memory of 4288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1500 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1500 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2512 wrote to memory of 3632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2512 wrote to memory of 3632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4440 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4440 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4320 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4320 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2560 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2560 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 892 wrote to memory of 640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 892 wrote to memory of 640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2656 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2656 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2656 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2656 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2656 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2656 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2656 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2656 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2656 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1388 wrote to memory of 5336 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eK23WF.exe
PID 1388 wrote to memory of 5336 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eK23WF.exe
PID 1388 wrote to memory of 5336 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eK23WF.exe
PID 4440 wrote to memory of 6044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4440 wrote to memory of 6044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff94ec746f8,0x7ff94ec74708,0x7ff94ec74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x144,0x16c,0x7ff94ec746f8,0x7ff94ec74708,0x7ff94ec74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ff94ec746f8,0x7ff94ec74708,0x7ff94ec74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff94ec746f8,0x7ff94ec74708,0x7ff94ec74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff94ec746f8,0x7ff94ec74708,0x7ff94ec74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x17c,0x180,0x184,0x158,0x188,0x7ff94ec746f8,0x7ff94ec74708,0x7ff94ec74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff94ec746f8,0x7ff94ec74708,0x7ff94ec74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff94ec746f8,0x7ff94ec74708,0x7ff94ec74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff94ec746f8,0x7ff94ec74708,0x7ff94ec74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff94ec746f8,0x7ff94ec74708,0x7ff94ec74718

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eK23WF.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eK23WF.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5164 -ip 5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4615937200209284575,14151673078496872148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1192769030678656240,4681501806970066043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,6817346426559610800,10163825961810050186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,6817346426559610800,10163825961810050186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6339163690194156838,5115152062488108288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6339163690194156838,5115152062488108288,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4615937200209284575,14151673078496872148,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,10399956128030511753,4871792942861913080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,10399956128030511753,4871792942861913080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,14026560646603651702,11678524165823131846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,14026560646603651702,11678524165823131846,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,14687361220548990086,3190699807557835415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14687361220548990086,3190699807557835415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,4106579804588619531,14184480509885287163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,4106579804588619531,14184480509885287163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,1192769030678656240,4681501806970066043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,4576622351467951009,3236424101547333688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,4576622351467951009,3236424101547333688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 540

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2220,8245514296204689755,14611928324207610664,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7204 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 126.21.238.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 store.steampowered.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 52.7.192.127:443 www.epicgames.com tcp
US 52.7.192.127:443 www.epicgames.com tcp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 238.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 127.192.7.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 104.244.42.2:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
US 192.229.220.133:443 video.twimg.com tcp
US 104.244.42.69:443 t.co tcp
US 8.8.8.8:53 i.ytimg.com udp
US 93.184.220.70:443 pbs.twimg.com tcp
NL 172.217.168.246:443 i.ytimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 246.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 73.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.72.252.171:80 apps.identrust.com tcp
NL 23.72.252.171:80 apps.identrust.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 104.244.42.2:443 api.twitter.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
NL 142.251.36.1:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 c6.paypal.com udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
NL 172.217.168.227:443 www.recaptcha.net udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe

MD5 32c3209eb780dd2d15e8aae7d4d19ec9
SHA1 4c7fe50db66a3720ddd3dee4380dbd2cdf946809
SHA256 1aa8c46c4cbcaab0bf1d833f29bff710dbf21c07ed5755aa45949f64fbe0ad17
SHA512 87782375763b65d920946ac7556541cb6f188a4f294a51357dbd0489acd8da0f40726a4f79d6c05ae79fd69d6b25cc119685bfcc1f4dc64804960a33c54a27e1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FC1qp26.exe

MD5 32c3209eb780dd2d15e8aae7d4d19ec9
SHA1 4c7fe50db66a3720ddd3dee4380dbd2cdf946809
SHA256 1aa8c46c4cbcaab0bf1d833f29bff710dbf21c07ed5755aa45949f64fbe0ad17
SHA512 87782375763b65d920946ac7556541cb6f188a4f294a51357dbd0489acd8da0f40726a4f79d6c05ae79fd69d6b25cc119685bfcc1f4dc64804960a33c54a27e1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe

MD5 a3e78a25bcaa98631700da5c34d32e03
SHA1 25f8168dd09abbe1b327df68618bec9cd0d3a4d4
SHA256 e80cf3e206352203dd68c149d6c9ba19b9751e777007c0656076ec68629a366f
SHA512 dcb84c31e36055c2a2675f8fa92f2e62e09f20dc25582940425cffabefa801528331bb1688bfdf0520d3e2ea362fcdf24b718190d665b6d9035f2fb7d9b6b04e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Jk687hI.exe

MD5 a3e78a25bcaa98631700da5c34d32e03
SHA1 25f8168dd09abbe1b327df68618bec9cd0d3a4d4
SHA256 e80cf3e206352203dd68c149d6c9ba19b9751e777007c0656076ec68629a366f
SHA512 dcb84c31e36055c2a2675f8fa92f2e62e09f20dc25582940425cffabefa801528331bb1688bfdf0520d3e2ea362fcdf24b718190d665b6d9035f2fb7d9b6b04e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe

MD5 edf6d38652bd6de386e305a27dfee5c9
SHA1 2ccc25909c5c14539a98d257fec1cf6fed8bf775
SHA256 23d15502688bb01c2a2153dbe88e927e48f1c45478270b170955c88b1de606e2
SHA512 a6f688905b8c0cd8565b4758ca6b14c6cc2bdaf1cabd8fc1dedbfb69becfd656bf332ff63a8bbf2a9b4c1f4efccebf324d4e4927b57daf79cfc1bfe783b62333

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ci8VN9.exe

MD5 edf6d38652bd6de386e305a27dfee5c9
SHA1 2ccc25909c5c14539a98d257fec1cf6fed8bf775
SHA256 23d15502688bb01c2a2153dbe88e927e48f1c45478270b170955c88b1de606e2
SHA512 a6f688905b8c0cd8565b4758ca6b14c6cc2bdaf1cabd8fc1dedbfb69becfd656bf332ff63a8bbf2a9b4c1f4efccebf324d4e4927b57daf79cfc1bfe783b62333

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

memory/5164-77-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5164-78-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5164-79-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5164-81-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eK23WF.exe

MD5 c7d51614fa984c894f78343c8b3351a3
SHA1 13ac29fffce04ed13264b206961f619ab9b2d8c1
SHA256 696d4416c19856f305a0c527f5dd51a34e00c4f6dfef2f48aa27ecb7aa39bc21
SHA512 08e107eabb343d73045d7a4fd12ba9bb627267312cd97d2eec1ed43796a4de8a13baa7e2cc62997eaac5b325dba57a43175fbd6e24dd5a77778c6a3a0879233a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eK23WF.exe

MD5 c7d51614fa984c894f78343c8b3351a3
SHA1 13ac29fffce04ed13264b206961f619ab9b2d8c1
SHA256 696d4416c19856f305a0c527f5dd51a34e00c4f6dfef2f48aa27ecb7aa39bc21
SHA512 08e107eabb343d73045d7a4fd12ba9bb627267312cd97d2eec1ed43796a4de8a13baa7e2cc62997eaac5b325dba57a43175fbd6e24dd5a77778c6a3a0879233a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_1500_OCMQPTEQGXXAVBSN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4272_DGYOVJTLLMXCUNBR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2512_AGIHBNHKVGVLGTZU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3392_LKCNFVIXICANYDUC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_5048_NHYQBZVSOBIJLDOW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4440_HUGCXGEWBSFSOHIO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2560_SFLILMMSPYRDXQCF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_892_PCOUUYFESEKSRVGO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1648_WNRKGHVCJMVSCUCK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4320_BCTJJUGFZSJZPFOW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ea20e384-7f62-4161-a1f4-598b600b2ebc.tmp

MD5 e4b495c709a1488c3a6cee15e4f28a9e
SHA1 e976e3d1d50df601fe38e1905a9aa6010089c0db
SHA256 36c946ba058b423fc69f36ddbd5fa010ff42ef09e410d83fc51b8113a793316f
SHA512 ca1825e39629dd8eb712b6f4937787774b553f27b21c8e5fb22cb593bfee548676f8f7589819e78c22e3873c2a59b43f72de5109c8a3c797d1e9de02aba284d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f72bb9dd044ced5ea55a5f074b482714
SHA1 899d4e197a35b3cfdca63c03fd2e98f7bac76a57
SHA256 05eaa9945dc0c2fddff87ff6b068f2d1b987ea1913c9f4488a2a859954bf4b0f
SHA512 18141e980c92ceadaf380c43cb17eb7c615f1bd42183d57145b512a1824a9a54f0512f64a0c81cde3fd20a05615528d1178c88175e4dfd89d2674332ab81e06e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7fc4b57c-f8d0-489f-9249-4a7436987374.tmp

MD5 254331f5ed51440eadde07ad284d41dc
SHA1 886d1879275c2cc9d184069939100833a06b738e
SHA256 5f5e35043b211c577f2986c0073b4eb36967980fc3e1ec06166599463ffd44de
SHA512 4e10d3caa98639e9e97ac61f6e62bc12694e3eeb943f136b3860f0812fb9c81e11bd670c00778d4c65e24bfc8d15d20cc05db5de2463bb9f3cc314f3e859d937

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dd9a8d145f0973f99e1333cf0019bbe2
SHA1 ebd3e880d2f11d7f9869f7fc4ff6e1c7e5fd2711
SHA256 ed6e0d220518f7bd6f3975b289054a24f4afdc1ef735c7f80f95fbaf49ae75ab
SHA512 c76f6618aae342888ba4e695f407d787c15be0c29854906444763d3534c8af947a7847f3fe87c2c6d836c340bea72c18ba7fc2d5b81f35589e1dd610213955f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a42dd707-bb36-4501-b2bc-8b10e33c218f.tmp

MD5 dd9a8d145f0973f99e1333cf0019bbe2
SHA1 ebd3e880d2f11d7f9869f7fc4ff6e1c7e5fd2711
SHA256 ed6e0d220518f7bd6f3975b289054a24f4afdc1ef735c7f80f95fbaf49ae75ab
SHA512 c76f6618aae342888ba4e695f407d787c15be0c29854906444763d3534c8af947a7847f3fe87c2c6d836c340bea72c18ba7fc2d5b81f35589e1dd610213955f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f72bb9dd044ced5ea55a5f074b482714
SHA1 899d4e197a35b3cfdca63c03fd2e98f7bac76a57
SHA256 05eaa9945dc0c2fddff87ff6b068f2d1b987ea1913c9f4488a2a859954bf4b0f
SHA512 18141e980c92ceadaf380c43cb17eb7c615f1bd42183d57145b512a1824a9a54f0512f64a0c81cde3fd20a05615528d1178c88175e4dfd89d2674332ab81e06e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b807053d92d029ff84d480fa2928ce18
SHA1 f3eef2bc5cdd88afefc41c836571b099a17daf71
SHA256 75a7ef1ece804adba3434081542774fdaa84feb990b0919149d7b2b0c727d9a3
SHA512 5d038c41933b03c7cd065b1b6402bda63e6f845ac22dfabaddcfe7cd40c87c06c78834b993538466100cc515e632c9de4e83095b3fb50c2b4f4612ba2c8f07f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\86556bcb-03db-4b7f-b179-433d2a6a58e3.tmp

MD5 b807053d92d029ff84d480fa2928ce18
SHA1 f3eef2bc5cdd88afefc41c836571b099a17daf71
SHA256 75a7ef1ece804adba3434081542774fdaa84feb990b0919149d7b2b0c727d9a3
SHA512 5d038c41933b03c7cd065b1b6402bda63e6f845ac22dfabaddcfe7cd40c87c06c78834b993538466100cc515e632c9de4e83095b3fb50c2b4f4612ba2c8f07f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\73964c75-a82d-4aaf-9d77-28c11314e699.tmp

MD5 24a89ea96a80a7cefd26e8b81f1c8ace
SHA1 071ec42545ae99d8c8f7fc990f9c92d86bca1b91
SHA256 42448173a7371f2fc8bdc593ad894664e4a3351cd7fab9562c3700c765e7b862
SHA512 b1df6403bdb82fa2b8ecbf842581df0eb23d465498bf2965b30685c9938f6fcdd3bd5f6b1eaa6c37abb64cc92626be536d4b0ea24b3793e212d73b4b31f697c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 224f4594c2ed24ea6d27ea9ba82d04aa
SHA1 2e68349cfb77cd9bb5893ff1a3c445e8cca1814c
SHA256 03e73782d1fb0afad5cd725a5964c3ca847b794262867e7104535fcad54bd1c2
SHA512 4a29ff41bee9e540bda4e4afc659bb3986202f3ce15bbc545dcb98a9355f44c92fb27022acb7fd4b6a845df8f1b4623c9e9311da00b77a2d2426da9eb6d599a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a64e64bc-33f0-421c-ade0-427a6783fd52.tmp

MD5 d36fac1e3d4d18b01ef2743e0355a8db
SHA1 0635e6d8e144f227be7f72d1c6c7de0db83ad5a1
SHA256 88f0fff67f1f21d226da1e1ee2ef91e4b6be025a7957c1e004e6d021e373729d
SHA512 5b7479bd6928d8047c2bfdf8cf6104e00ba490be866c4f4239efbe1368f05fb12ba07e79484115e1c18c66e163672ae08973e743fbd287d8a342e47f83d126ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 224f4594c2ed24ea6d27ea9ba82d04aa
SHA1 2e68349cfb77cd9bb5893ff1a3c445e8cca1814c
SHA256 03e73782d1fb0afad5cd725a5964c3ca847b794262867e7104535fcad54bd1c2
SHA512 4a29ff41bee9e540bda4e4afc659bb3986202f3ce15bbc545dcb98a9355f44c92fb27022acb7fd4b6a845df8f1b4623c9e9311da00b77a2d2426da9eb6d599a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 254331f5ed51440eadde07ad284d41dc
SHA1 886d1879275c2cc9d184069939100833a06b738e
SHA256 5f5e35043b211c577f2986c0073b4eb36967980fc3e1ec06166599463ffd44de
SHA512 4e10d3caa98639e9e97ac61f6e62bc12694e3eeb943f136b3860f0812fb9c81e11bd670c00778d4c65e24bfc8d15d20cc05db5de2463bb9f3cc314f3e859d937

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 24a89ea96a80a7cefd26e8b81f1c8ace
SHA1 071ec42545ae99d8c8f7fc990f9c92d86bca1b91
SHA256 42448173a7371f2fc8bdc593ad894664e4a3351cd7fab9562c3700c765e7b862
SHA512 b1df6403bdb82fa2b8ecbf842581df0eb23d465498bf2965b30685c9938f6fcdd3bd5f6b1eaa6c37abb64cc92626be536d4b0ea24b3793e212d73b4b31f697c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6883a8d0-5277-40eb-a6f4-4d00f5b7578e.tmp

MD5 cc987911aa9971efc2e04877a2b91254
SHA1 f1486dee52978460bb86ec45027e1f542b45192b
SHA256 bc3b62c2061ab0e648c78f390715af97aaf21c2aab175958de5c06dc01214dd9
SHA512 6c0885ef1a0263c49f1c7296417e9aada8547af3da5897d0b7cbc1083e4fc62ff702aaa0f41f2c3d96232e000a2d304efccfe8d176ce6864aa79ff1d52cf1349

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d36fac1e3d4d18b01ef2743e0355a8db
SHA1 0635e6d8e144f227be7f72d1c6c7de0db83ad5a1
SHA256 88f0fff67f1f21d226da1e1ee2ef91e4b6be025a7957c1e004e6d021e373729d
SHA512 5b7479bd6928d8047c2bfdf8cf6104e00ba490be866c4f4239efbe1368f05fb12ba07e79484115e1c18c66e163672ae08973e743fbd287d8a342e47f83d126ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b807053d92d029ff84d480fa2928ce18
SHA1 f3eef2bc5cdd88afefc41c836571b099a17daf71
SHA256 75a7ef1ece804adba3434081542774fdaa84feb990b0919149d7b2b0c727d9a3
SHA512 5d038c41933b03c7cd065b1b6402bda63e6f845ac22dfabaddcfe7cd40c87c06c78834b993538466100cc515e632c9de4e83095b3fb50c2b4f4612ba2c8f07f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e4b495c709a1488c3a6cee15e4f28a9e
SHA1 e976e3d1d50df601fe38e1905a9aa6010089c0db
SHA256 36c946ba058b423fc69f36ddbd5fa010ff42ef09e410d83fc51b8113a793316f
SHA512 ca1825e39629dd8eb712b6f4937787774b553f27b21c8e5fb22cb593bfee548676f8f7589819e78c22e3873c2a59b43f72de5109c8a3c797d1e9de02aba284d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 254331f5ed51440eadde07ad284d41dc
SHA1 886d1879275c2cc9d184069939100833a06b738e
SHA256 5f5e35043b211c577f2986c0073b4eb36967980fc3e1ec06166599463ffd44de
SHA512 4e10d3caa98639e9e97ac61f6e62bc12694e3eeb943f136b3860f0812fb9c81e11bd670c00778d4c65e24bfc8d15d20cc05db5de2463bb9f3cc314f3e859d937

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 24a89ea96a80a7cefd26e8b81f1c8ace
SHA1 071ec42545ae99d8c8f7fc990f9c92d86bca1b91
SHA256 42448173a7371f2fc8bdc593ad894664e4a3351cd7fab9562c3700c765e7b862
SHA512 b1df6403bdb82fa2b8ecbf842581df0eb23d465498bf2965b30685c9938f6fcdd3bd5f6b1eaa6c37abb64cc92626be536d4b0ea24b3793e212d73b4b31f697c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d36fac1e3d4d18b01ef2743e0355a8db
SHA1 0635e6d8e144f227be7f72d1c6c7de0db83ad5a1
SHA256 88f0fff67f1f21d226da1e1ee2ef91e4b6be025a7957c1e004e6d021e373729d
SHA512 5b7479bd6928d8047c2bfdf8cf6104e00ba490be866c4f4239efbe1368f05fb12ba07e79484115e1c18c66e163672ae08973e743fbd287d8a342e47f83d126ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 224f4594c2ed24ea6d27ea9ba82d04aa
SHA1 2e68349cfb77cd9bb5893ff1a3c445e8cca1814c
SHA256 03e73782d1fb0afad5cd725a5964c3ca847b794262867e7104535fcad54bd1c2
SHA512 4a29ff41bee9e540bda4e4afc659bb3986202f3ce15bbc545dcb98a9355f44c92fb27022acb7fd4b6a845df8f1b4623c9e9311da00b77a2d2426da9eb6d599a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8948c657daa5ad7679776963f3788920
SHA1 5d43b4adc95c1a0fcc453ba6cf93ddbd6c1000b9
SHA256 3f08b6db8b1df5d436ef176cd0890e1b57b171187e35971d470467ae386a351e
SHA512 40c3ac73884ed36f4f7452df61a602725edf8839255248ef482a2fbda749a1b6b6eae3b630ed92be4b9bcaa41f37549ee09b12616ea0e943557d0b2501d9628e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 60398cb6e61e999607c8b73dba25f608
SHA1 2ffd0b16b76af62e8718b4f1525fd8d3ddeec9c3
SHA256 159a77a924749a6c44de2c83502422c4ed30cd3f61cccbd3c2ddc1944c6740f6
SHA512 0a1b229addfdb39a6fc753a020ed1eb8290e4d884cd5e7aab6c68bcf6307378847d01a930c98fed9e23838262c063fe793c7d1c3e76e6cefe4e0b71758fed1f0

memory/6164-441-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5743c3d65879115488b0803d134d148a
SHA1 759b4ccecb58c0ba39b47902b3db953bbb2ff505
SHA256 62e2454d645dc9f773f56050ae7890a196c9851b38d528b85b141d1cf65885ee
SHA512 54e1e225fb54812768fe52c959cb2f69e1e76171ef6a811dfe5efd6f6a7a5a30c2b7b75e3c007b17a7ed425a7ebb2bf06e5a10b72c20aa0e0fae969cbfcdb0c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0adc015bf72f458d3c894d293c9b35cc
SHA1 a7f2d03d7fb9425f56f2e7c3c2fdc8fdfef65cf5
SHA256 3bd524a6e4c2310fdc8970b8cd403a11f84dccafd13c3a714d534d7e9a8df7eb
SHA512 6fbdf7928c3133e5fd6d800c3665d80327333706deb27ee1d948e77c0b6d9652d5030cd36616a572e286d71a45908d5c2d00882ff8f148fbedc3af325f0d3ea5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8debc11e527edaafecc1ad122c5d8b11
SHA1 eecd72fcd15c65b18a609d40ef3b6d203c92fe4b
SHA256 eca9a7110dc77766f60675f5fd4483fecde78c898b69c07be9e8511b68567724
SHA512 84e012b7f9f2213cee14a3f7c9d11f06d7ce88ed166b4f70b49d0feaa245fd757edb41d9fa8fce296f020028e3c733dff6e7520cad8ccafd4a630984df89d5ac

memory/6164-719-0x00000000746C0000-0x0000000074E70000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b25cdd4264b557254a7fa8de52d82130
SHA1 38f2b1bfc3bb5717f3d5b395be1eb9294d58eeaf
SHA256 0593277165cc4d6e135f8ea25a9244fc41672ccc2d98aa9b4d1303d00641e71a
SHA512 47df968aa5d52926dbca211bd6055b0f536c7e9e5903ee58e30c649d60d07312e776ca3a2557588d2b1d798c43c5a78add2062b292a72c15b3430067c31ba9a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59b6c3.TMP

MD5 e8d78cf665942772fbc3d83be001126b
SHA1 89f104df36f5a511be451f825dbf013614869224
SHA256 731765303c94c2359d2f69390e51429266642ff5dd52bea954ac323ec978dcb3
SHA512 901b20898d925f5d55e3a71ca4299f63301d7f01510258e661d9e57a5875f367d4d0ded69466d7fb43ee8eb42ac2294a53cbc55ccb507665c4abb5b0c5a26b7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e7eea60aeb95d89aa9f6a7798db0f796
SHA1 027f91901bd49ee58b90a9d1180f432b253097b0
SHA256 e42a1ce7104d70716dd5878fededfaeada1a35141eed98811a06eaf7439c94fa
SHA512 1f5acc60f4e4cdb009ac74cbd045b27b6067773d89e32ecf0cd2384ff322595ab1eb37247ffac3569f5a37f1ff2a44174af5f8f8c184e8bc325ed723580812ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 048e7d591093dbaa229717c091b8e093
SHA1 5cf7a6387508865a3a3dc2c36bc745d040e79c33
SHA256 4fe7318e94a8c8639813d3dbb43573106c960a2227509a06df1f7a97d85aea25
SHA512 1909170f9051a091d08ec60b7596da8f72dcfe72f8ba7085128bc15082de40f9b350a4b33bc45a4f019d80b4c4b9ddf8fd738d9e0cce1d340d4fd48265620d33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1249cdec7baf0b9a1642ae8e06e6b5cb
SHA1 6161647f70945bb2fc2b6952d1e83abea9bcc4ef
SHA256 4ec8d4d3cdf9cca8955915e5808062bff5b3144f4d96aaafab6fd49fa26f178e
SHA512 18e49ad8da8b8b55524f3a1701e02f8a3d4ecc910aa611ea5a2eb036b32ffd59ed7df82ab642e63f5163a1ed10485381e54d615a20591f7136431a2a59cc7636

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 557d8c1341bdee18fb879d16542746ba
SHA1 9d9df16b3c3ae58b37a5788b2a1cb5f75f17ff4c
SHA256 7b71d838e3cb7036d8d2ab6ec472b22d80abd14d43ed64f350f85c89a9f7a5a4
SHA512 d3de697bdac78617adfd3e72c9e789d23c2d834a96a85049ce32ff66f3c2950abf477a73c7698da403cf613887fb1a8526679b0a58eb525b4f4537d8bc62da77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59ff84.TMP

MD5 16304aab3b474978900124a4d3391c0d
SHA1 30686b97609e0ed57a005596fe4f37ba4c0c7f4f
SHA256 9a38e8ba3820f6e23a3cc69d0653a56b70afbc98b24649a2d5f3cb9f6abf22b9
SHA512 1591126e5a3ced453e071d5cc6562968c45a4b17b02aa17ed57f17b1d898864c427330ab9caa3a8e8bc3a0ad20efc5568b444e07eedcfa75bf441d9804799e52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bd4c46d7137aa4e2a77986147f749e33
SHA1 ab84b59256d8ddaafa68214e897212f99f7027ad
SHA256 bba11e9374b2c871f9844299d4ad0cb0f35ec5f5f773e98ebe0d0ff685a37a4e
SHA512 898f8c2ff79911e66f8708bc12be6f7066506e5682c5a675c3dadc55af5d2e69dc9bf35ff28d5b43da3ec9ce8185b7f78e0446fa675bf5dd7d4330376efaff5d

memory/6164-874-0x00000000746C0000-0x0000000074E70000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 55b84a10aa36119a2b84791bbea6ddf5
SHA1 630591d9dfa5bfd5cc4e38a60da652cd83a080b6
SHA256 275d05f4827de8e73d6c1ba7a5d3c66d225cad730f3ff597839457dbb6de50bc
SHA512 5957ade9513f0c4bc085626191a127b4f04ccfee89c00de9b7d015d11aff46041a74a35feed8f8cdd159cd44fb081d38fa40243aa302e7577914730e0f486897

memory/6164-972-0x0000000008350000-0x00000000088F4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8633d6d1e60d20904c59304e3529c8bc
SHA1 d86e05107cf4d303ff13a4a13c9177b1d3b90667
SHA256 31834bb72a912f823ba259fb835a2f5f6e103eb9a7de74b016d4364b08fbdc16
SHA512 501d7ccac27051703aa43b6fdbdae408658ff6eed6e0d127696bba7599158001779d9f41a8fb8e48840b7c55780deda5491d7a8681991800e8c1e547a7520a18

memory/6164-984-0x0000000002E70000-0x0000000002F02000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6b14b03b1b3a841cb51f8d49c5ced99f
SHA1 512c046ec9ef3ba35bdc96c7654b72bca57450ea
SHA256 3b8b6bc00d8a1adc407e37a3efaa237a8302ae3010c1739ff4d077f4df4e8ceb
SHA512 6d6926ef5c25804fe9ddda656e2d5d12bac22e1cc3d3537d3f7a0fc9f6de8888aa6907b0b78982f3987554b9df14cb3638661fe7155ffcdf7b83443c9e42172c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2389e1076d8d8935ab5c3b211f4b18ee
SHA1 7516c83d22a4da12599f427fefdbcd2824519855
SHA256 4422667f4914241118f6bd953213af1289d4bbf8eb50e7cd0e3408af0a93911f
SHA512 66edcbf91d090dba3c55ceda6d2e3ebe844ac7a266273cf8a9c900018dcbb2c52bfd396a0e7bb0ca2b2570466c1f05950ed94134c20d9eea8f371ecf09cca04c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 170218ce9d7b9b18986c046c4ce22bfb
SHA1 c53910549718c0278191122c4263e76331c28b2a
SHA256 09c298141f83d95b6d2f36bf4b2953d7fd885db0df5256247c48a4c89ae8151b
SHA512 5617e4b08dafe0b6440c218fc5f7c0d926c023129def84b2cffdb7752adbff4e765e0e8c890a9056efb5ed92d8fee7e48d1b94d8a84474c302af97159002fa4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8b3517e3-0a67-4545-83f8-7e40660cfe48\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 b0702864b64e3a1b16e77d79f67dffdf
SHA1 5b9377ae134538c2a9225031a79a67b49f46a6d1
SHA256 3c8453e7599b41c6355dece3396c1673aef330638fa394c0984fe78528c174c4
SHA512 e8744c3cb1a7ed1eda1c7bee7d373ea9615bdb8182bc77804eaa8bbbc7c7c84eb7f61b626564b6ad18c5620332bb6d9124b5d277806714009d89c81a4cb256ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 0a79510c0e1bcfc7795885bae1074815
SHA1 c4d66654e4c56064ce485fdb58231679a8c375c3
SHA256 c6d5bff570e4358532bf28fc89c2a9fbdad9409580a00016eaa1ddd7dbaf22a5
SHA512 c27ad4e137cdb34e393cb8ef0aa9addf2cb46fdc77402d226bc9587a2a61b9106d5cf7152957537aa3eb07459248e730475fcd1c9b645c9a5fc610eaf2420909