Malware Analysis Report

2024-12-08 01:24

Sample ID 231111-mq39hsef36
Target 341f8a069dcbf713a42936d787d8a0d1.exe
SHA256 6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747

Threat Level: Known bad

The file 341f8a069dcbf713a42936d787d8a0d1.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

RedLine

Detect Mystic stealer payload

Mystic

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:41

Reported

2023-11-11 10:43

Platform

win10v2004-20231023-en

Max time kernel

155s

Max time network

160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\341f8a069dcbf713a42936d787d8a0d1.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\341f8a069dcbf713a42936d787d8a0d1.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4624 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\341f8a069dcbf713a42936d787d8a0d1.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe
PID 4624 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\341f8a069dcbf713a42936d787d8a0d1.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe
PID 4624 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\341f8a069dcbf713a42936d787d8a0d1.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe
PID 5024 wrote to memory of 3480 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe
PID 5024 wrote to memory of 3480 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe
PID 5024 wrote to memory of 3480 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe
PID 3480 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe
PID 3480 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe
PID 3480 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe
PID 3456 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1668 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1668 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 1808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 1808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 2176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 2176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5096 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5096 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 720 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 720 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 720 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 720 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1744 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1744 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3388 wrote to memory of 984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3388 wrote to memory of 984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4FB3AO4.exe
PID 3480 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4FB3AO4.exe
PID 3480 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4FB3AO4.exe
PID 2088 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2088 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\341f8a069dcbf713a42936d787d8a0d1.exe

"C:\Users\Admin\AppData\Local\Temp\341f8a069dcbf713a42936d787d8a0d1.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffae47046f8,0x7ffae4704708,0x7ffae4704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffae47046f8,0x7ffae4704708,0x7ffae4704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffae47046f8,0x7ffae4704708,0x7ffae4704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffae47046f8,0x7ffae4704708,0x7ffae4704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffae47046f8,0x7ffae4704708,0x7ffae4704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffae47046f8,0x7ffae4704708,0x7ffae4704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffae47046f8,0x7ffae4704708,0x7ffae4704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffae47046f8,0x7ffae4704708,0x7ffae4704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffae47046f8,0x7ffae4704708,0x7ffae4704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffae47046f8,0x7ffae4704708,0x7ffae4704718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4FB3AO4.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4FB3AO4.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6462679906659477815,5622306912638899549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6462679906659477815,5622306912638899549,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14591452088889553399,4892641658742390782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14591452088889553399,4892641658742390782,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16643913085551755157,7894715205074553521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16643913085551755157,7894715205074553521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13098733497280995574,3909683754888190321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17432062883457912480,9660082659550713523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13098733497280995574,3909683754888190321,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17432062883457912480,9660082659550713523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,3740990214575034288,10176466841357322966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3740990214575034288,10176466841357322966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,14376599181356178947,9994173003693536224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4931827179471986006,17933393219566940931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4931827179471986006,17933393219566940931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,15490176209211105884,17102371189874272503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15490176209211105884,17102371189874272503,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,14376599181356178947,9994173003693536224,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ep35OE.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ep35OE.exe

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7496 -ip 7496

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6rW887.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6rW887.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1772 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4355223596366890834,460609414225890086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 44.193.60.169:443 www.epicgames.com tcp
US 44.193.60.169:443 www.epicgames.com tcp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 238.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 169.60.193.44.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
NL 199.232.148.158:443 video.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 104.244.42.197:443 t.co tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 192.229.233.50:443 pbs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 194.168.217.172.in-addr.arpa udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net udp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe

MD5 c3cae981698ca72e7dc12eb19510d3e0
SHA1 df3435edee3e2c5af567efde58bc7f741059df53
SHA256 2e8cfeb7beb991d986bebc7eb5f0d5605fbf6fed8bfbd6a8dc3be4b0982f2197
SHA512 e693f1ac184bdaa43815cafe9635165dbdeece8226c7025426671fab99ed863fc9f920d18aa0310f1f8becf9a8cb98e3aa4ad3247ba4f9c665bd37151fb13ecb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe

MD5 c3cae981698ca72e7dc12eb19510d3e0
SHA1 df3435edee3e2c5af567efde58bc7f741059df53
SHA256 2e8cfeb7beb991d986bebc7eb5f0d5605fbf6fed8bfbd6a8dc3be4b0982f2197
SHA512 e693f1ac184bdaa43815cafe9635165dbdeece8226c7025426671fab99ed863fc9f920d18aa0310f1f8becf9a8cb98e3aa4ad3247ba4f9c665bd37151fb13ecb

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe

MD5 32dce182412855c8ec365681dfa0031f
SHA1 a4e9646135d5e23d264a2494688efd7a4682063c
SHA256 0050a09abc512245e5a350322d315181709ec311b385fd47564845e75193df29
SHA512 a29fca2c9b9f77d5a27fc7554e35283fc59ccfb3d05ba64bfcd2b9cf7714404a866777b101de5ab8485956b0d4765971bd6c5cd4bf369bc805c82f6ef926c6f5

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe

MD5 32dce182412855c8ec365681dfa0031f
SHA1 a4e9646135d5e23d264a2494688efd7a4682063c
SHA256 0050a09abc512245e5a350322d315181709ec311b385fd47564845e75193df29
SHA512 a29fca2c9b9f77d5a27fc7554e35283fc59ccfb3d05ba64bfcd2b9cf7714404a866777b101de5ab8485956b0d4765971bd6c5cd4bf369bc805c82f6ef926c6f5

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe

MD5 4278f00a606bbe96b657c0fe08832c67
SHA1 799bd18af64bc730d9c28539e72c4006958316aa
SHA256 d267adbd29d335e178dd8eec1855f2e3b8636711f56ed8fd957a7fba5fc2630a
SHA512 ddfb5cc0ac744ca8e32578958edb9aecdb99325e0a91deedb1cde892f7ad12807c76a5acb2a2180af0c7382107520dadc118e8cdb6749db797420a43f69a9944

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe

MD5 4278f00a606bbe96b657c0fe08832c67
SHA1 799bd18af64bc730d9c28539e72c4006958316aa
SHA256 d267adbd29d335e178dd8eec1855f2e3b8636711f56ed8fd957a7fba5fc2630a
SHA512 ddfb5cc0ac744ca8e32578958edb9aecdb99325e0a91deedb1cde892f7ad12807c76a5acb2a2180af0c7382107520dadc118e8cdb6749db797420a43f69a9944

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4FB3AO4.exe

MD5 c2ebcf8610690c5bd9af9694d317d6d0
SHA1 f4f27f46421bba81242c2b88453cf91c60d92cb3
SHA256 d889d484a3840a7eb92f3147edc2b655e39d0f4b8aeb2faf418f86bdc986deb4
SHA512 7aeebded40804c68889d19319a56edb710e976d7f2b48484693db321681d19f7f4c3356948810089390592ec4c88355940b2a2a46b3bd9d6be2c0243c7f2a6e0

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4FB3AO4.exe

MD5 c2ebcf8610690c5bd9af9694d317d6d0
SHA1 f4f27f46421bba81242c2b88453cf91c60d92cb3
SHA256 d889d484a3840a7eb92f3147edc2b655e39d0f4b8aeb2faf418f86bdc986deb4
SHA512 7aeebded40804c68889d19319a56edb710e976d7f2b48484693db321681d19f7f4c3356948810089390592ec4c88355940b2a2a46b3bd9d6be2c0243c7f2a6e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_5096_KQEQGVOIVCFTFSEV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2088_WAZSPIYEMCSQCYRC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_720_EHMJKHROEJPRETSH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3032_IOHOTLGTDTXIVBNX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_552_EMQEKADCJXBEMZBG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_872_WHKILZBBUVKRUTBP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3388_ARGMZYVSLYVGEODG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4524_SATOUCRPAPNLXAVJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1744_ECMDWGNHNRDYXQQH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1668_TRNYCTLKNUSPUEKP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 38c4396393b4a1a8268039b286f7696b
SHA1 e054071dda37a2f0e073b070f4c3274286b9b268
SHA256 589ddede12e63ea7c502e7ea2fc4f88761923b2103220c4ce0a5806b751a21a0
SHA512 07ae8dcbaae71f1b635582b7a86c6c854b9625dcbf35986ec91fe7074adda54c3a3203905f9e1816caed0c37fe264710fdd548c51501a1f876bdf8931252e0ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 38c4396393b4a1a8268039b286f7696b
SHA1 e054071dda37a2f0e073b070f4c3274286b9b268
SHA256 589ddede12e63ea7c502e7ea2fc4f88761923b2103220c4ce0a5806b751a21a0
SHA512 07ae8dcbaae71f1b635582b7a86c6c854b9625dcbf35986ec91fe7074adda54c3a3203905f9e1816caed0c37fe264710fdd548c51501a1f876bdf8931252e0ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e3af3ef7667a182fb78a46152e953b0d
SHA1 fd423ab5cda9c3bf9b1a7e370efc15543cdc81d1
SHA256 325092a4ffdd8349407d4a804e1aa4363a916741af6d16521d5c6e8f9124d10d
SHA512 e0efe81beacc7067b72329fde010c49ed78cf45bf4b6afc49dfe9165a223f0c8ed42c663a414f76ec12c7e3169acbc9e1fd5841dc50cb9832397d3d2da007c41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5d9dfc48-553d-4b4e-9ec5-65379c45bead.tmp

MD5 5e123635e1a964569044fa6b4c039195
SHA1 18b0c8b47543daf482a07b6ddb467def16304a08
SHA256 80641269d5b10cc008903157a41860e08c771657093249bd3997b35c57a5b6f5
SHA512 8c409e2e4c8cef92aeb11eb7cfb593922bca70b62fa63d7f825036a9bf81621a467cd6d63bc9eff1d6d7c2c050cf1ab543ff98410f75af83442dd391fef1c3f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 38c4396393b4a1a8268039b286f7696b
SHA1 e054071dda37a2f0e073b070f4c3274286b9b268
SHA256 589ddede12e63ea7c502e7ea2fc4f88761923b2103220c4ce0a5806b751a21a0
SHA512 07ae8dcbaae71f1b635582b7a86c6c854b9625dcbf35986ec91fe7074adda54c3a3203905f9e1816caed0c37fe264710fdd548c51501a1f876bdf8931252e0ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e3af3ef7667a182fb78a46152e953b0d
SHA1 fd423ab5cda9c3bf9b1a7e370efc15543cdc81d1
SHA256 325092a4ffdd8349407d4a804e1aa4363a916741af6d16521d5c6e8f9124d10d
SHA512 e0efe81beacc7067b72329fde010c49ed78cf45bf4b6afc49dfe9165a223f0c8ed42c663a414f76ec12c7e3169acbc9e1fd5841dc50cb9832397d3d2da007c41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d2bb34bf-b147-46e5-a475-9d671392ee19.tmp

MD5 48ad21c15e17196e476cb3698880b66a
SHA1 58875d6e1b94fc8874d109a6e4bb07b4507a8d2a
SHA256 7a14d98556bb39cb9d53b7d6645b3bf992e776e316a475f524f3b0387da1ccb9
SHA512 369f56b52c90273d6b202c1cf4fd2b3d54f5c1daa7e0f50daeb89547c1ef2fac3b098398a07e5f3f601e60e4be09f23e81ba9427e93d4e8be9bde65e878431b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0fbae6f8-c8fc-493b-9643-bc571233893b.tmp

MD5 6e27a1ee16d2b96cda386f23b3c20ac9
SHA1 dcbee7e9627aab32c13337654c861d2fee68d2b2
SHA256 fede064e5fa98b0f56e519410a2846c12a643821f9cbad87c4dfd6ab68e9769d
SHA512 77489446ea9c1dd2e0804182e3cdf6ba7ea3f39564a4a8737a0a4f30c8ef6545b795e560b68cb11c6aeae88c9a67e229e87e9dc796a8da37d29331a27f51bfb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0ebe374d-9e05-433d-beee-a61460b25135.tmp

MD5 8650a16813075d5dcf912fd72eec326a
SHA1 25307a3e8370cdb7c63f65ba7eb66180f52441bf
SHA256 d4ad6b04a1427d2814745f7199d355462a5d4321773d0ea319b96e26b91745d8
SHA512 9918c519a5814e65d89a9500595ca88c5bd3ecace06a1416b0e69644405171de7765020b973fac1db1ce6a34c63f093c4de6e65240e23e5b732892314f34d067

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b52b54c6-c28b-476c-b119-f29160153ca5.tmp

MD5 fe5ceb55012401b4003510e516961f6b
SHA1 534f7fccb21a275ad85899bd532416e7e8e194e0
SHA256 5b88a6b1685e0027f520856ea8b11770254b2dc24bfaaf9a6d53e2ae541942df
SHA512 6baea26d9436bed4063899d4b47850fe33fa7b991b20bd836052ed10530685e83c6ece6f11c8b2d4ed3bbdd2f1233163a449a584bdce0a2da9783cedc60fd80b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8d318cbe772e987342f3a6b60813b239
SHA1 9edf3a80afedf948a68e7146bff0c9b6d1b5ad92
SHA256 5c78bbce048eae2fd2783a7277e1e6607df3cf315aa1b06b047ac07f7162b5a9
SHA512 0fb02449b15efc399be87181b831bc214ff7f88f122c3c5e69c11de15376ee1dcc05cdf0c8df8a3e6377c38a38ac4ebda4f1ce4aff29dad2fe1c4327e44b0466

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e123635e1a964569044fa6b4c039195
SHA1 18b0c8b47543daf482a07b6ddb467def16304a08
SHA256 80641269d5b10cc008903157a41860e08c771657093249bd3997b35c57a5b6f5
SHA512 8c409e2e4c8cef92aeb11eb7cfb593922bca70b62fa63d7f825036a9bf81621a467cd6d63bc9eff1d6d7c2c050cf1ab543ff98410f75af83442dd391fef1c3f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8f987c85-ac93-4967-a4d4-c8ef7cf82ff7.tmp

MD5 8d318cbe772e987342f3a6b60813b239
SHA1 9edf3a80afedf948a68e7146bff0c9b6d1b5ad92
SHA256 5c78bbce048eae2fd2783a7277e1e6607df3cf315aa1b06b047ac07f7162b5a9
SHA512 0fb02449b15efc399be87181b831bc214ff7f88f122c3c5e69c11de15376ee1dcc05cdf0c8df8a3e6377c38a38ac4ebda4f1ce4aff29dad2fe1c4327e44b0466

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d7584415-49d0-4fb8-ae12-4a2997faae19.tmp

MD5 dcf1aa13a20ab92fcf6f25b8e37dba2b
SHA1 ef85d453c4e11ca90c97294b9a22232f17a9aea5
SHA256 f61e16a244560c3b5794fe26b852cfeb899da2dc3c5b393f923a9c7bed225412
SHA512 4ef40fb21c1669812adc1e8db1405dbaa70c117c6ad4e2e9f36dcea74547e5de326b46a01909bbd1c9323491895ff27bddcbdcdf0726836f3243ff963b04d460

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 48ad21c15e17196e476cb3698880b66a
SHA1 58875d6e1b94fc8874d109a6e4bb07b4507a8d2a
SHA256 7a14d98556bb39cb9d53b7d6645b3bf992e776e316a475f524f3b0387da1ccb9
SHA512 369f56b52c90273d6b202c1cf4fd2b3d54f5c1daa7e0f50daeb89547c1ef2fac3b098398a07e5f3f601e60e4be09f23e81ba9427e93d4e8be9bde65e878431b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e123635e1a964569044fa6b4c039195
SHA1 18b0c8b47543daf482a07b6ddb467def16304a08
SHA256 80641269d5b10cc008903157a41860e08c771657093249bd3997b35c57a5b6f5
SHA512 8c409e2e4c8cef92aeb11eb7cfb593922bca70b62fa63d7f825036a9bf81621a467cd6d63bc9eff1d6d7c2c050cf1ab543ff98410f75af83442dd391fef1c3f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8650a16813075d5dcf912fd72eec326a
SHA1 25307a3e8370cdb7c63f65ba7eb66180f52441bf
SHA256 d4ad6b04a1427d2814745f7199d355462a5d4321773d0ea319b96e26b91745d8
SHA512 9918c519a5814e65d89a9500595ca88c5bd3ecace06a1416b0e69644405171de7765020b973fac1db1ce6a34c63f093c4de6e65240e23e5b732892314f34d067

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e3af3ef7667a182fb78a46152e953b0d
SHA1 fd423ab5cda9c3bf9b1a7e370efc15543cdc81d1
SHA256 325092a4ffdd8349407d4a804e1aa4363a916741af6d16521d5c6e8f9124d10d
SHA512 e0efe81beacc7067b72329fde010c49ed78cf45bf4b6afc49dfe9165a223f0c8ed42c663a414f76ec12c7e3169acbc9e1fd5841dc50cb9832397d3d2da007c41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e27a1ee16d2b96cda386f23b3c20ac9
SHA1 dcbee7e9627aab32c13337654c861d2fee68d2b2
SHA256 fede064e5fa98b0f56e519410a2846c12a643821f9cbad87c4dfd6ab68e9769d
SHA512 77489446ea9c1dd2e0804182e3cdf6ba7ea3f39564a4a8737a0a4f30c8ef6545b795e560b68cb11c6aeae88c9a67e229e87e9dc796a8da37d29331a27f51bfb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dcf1aa13a20ab92fcf6f25b8e37dba2b
SHA1 ef85d453c4e11ca90c97294b9a22232f17a9aea5
SHA256 f61e16a244560c3b5794fe26b852cfeb899da2dc3c5b393f923a9c7bed225412
SHA512 4ef40fb21c1669812adc1e8db1405dbaa70c117c6ad4e2e9f36dcea74547e5de326b46a01909bbd1c9323491895ff27bddcbdcdf0726836f3243ff963b04d460

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fe5ceb55012401b4003510e516961f6b
SHA1 534f7fccb21a275ad85899bd532416e7e8e194e0
SHA256 5b88a6b1685e0027f520856ea8b11770254b2dc24bfaaf9a6d53e2ae541942df
SHA512 6baea26d9436bed4063899d4b47850fe33fa7b991b20bd836052ed10530685e83c6ece6f11c8b2d4ed3bbdd2f1233163a449a584bdce0a2da9783cedc60fd80b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8d318cbe772e987342f3a6b60813b239
SHA1 9edf3a80afedf948a68e7146bff0c9b6d1b5ad92
SHA256 5c78bbce048eae2fd2783a7277e1e6607df3cf315aa1b06b047ac07f7162b5a9
SHA512 0fb02449b15efc399be87181b831bc214ff7f88f122c3c5e69c11de15376ee1dcc05cdf0c8df8a3e6377c38a38ac4ebda4f1ce4aff29dad2fe1c4327e44b0466

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6b2507e23e47af1199f8ecc2d0a838f1
SHA1 2e58828ed9a8f0a3a37485e8909e7c35d970d27b
SHA256 15b4d5a71b955998d848f5795b0e346abb72122c4c6d38028db354332f46994c
SHA512 7a847a89c73c687751063b6ccb7d106747d39aaf99bbf930288afcd73d73db8a6d8a095bf83705250e71ea2829255fc3ee6f5ce4d7bb6f2714a5286f6a222112

memory/7496-361-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7496-378-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7496-379-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7496-381-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a919b601f2037ec609ae307493d9c9ac
SHA1 00efde5e1661bcc9626bcc2342419b663e5e2089
SHA256 f6137a87f9fcf9b00ac924a10f2657cfbacadd4c87846f0f2a407e26475314ef
SHA512 d74b32682375779dca01da98a19c5d804fbf47e7ce3cface9af8f4b4ca2e15b180d53ce7515193030d2d8d075c2fd07c34775f0fda8a2372163a315a3e67d8e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 40729c7afea1bcc37f660e98256f57a8
SHA1 fc797de935cb6c662a0a0e13c3f0373d45278c80
SHA256 7a09e17824d3955c04b5d08f5daf0881b2cbe497516a0df68e557b336baf37b8
SHA512 444bd765b2839c256b4159c41eb3f0578c27c8b882bb700ebd0f8f4dd493215f65cc0091f14990a350d8b3c1fe84723a0b21df3341baa7780fe1f0a7a4576a6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

memory/5176-472-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 57e664b283bffdde6442d5b93f4384e7
SHA1 51c13aa8f59b97e090889a2a92afbbff98de1bd9
SHA256 4836020c4e8818d82d34b0d9540b10e2996fca901b4bbc5821e2013ed2fb1546
SHA512 4f51effd4a4a87d4bdb0747d19c5af01fbe5d30ffc560412be43a98e16b3d3e60082a819fbcbfc2d6144e4d7ade163adbe314d0af80e98f127c230152b6e5703

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/5176-522-0x0000000073610000-0x0000000073DC0000-memory.dmp

memory/5176-532-0x00000000081D0000-0x0000000008774000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/5176-538-0x0000000007CC0000-0x0000000007D52000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 d439aa40127eb4c49c97bd689cf1d222
SHA1 420b5ea10d3dc13070c9a1022160aaac4f28a352
SHA256 f38b31ffce521cb614481e3bd6ca9b130e862663ac7134ee30dfe121ec2b6091
SHA512 172c61e97d8bf3dd5b8cdb59b102c0e6e660864da859e5db451fa9820b39c4f118ee5f54fb18e60c0022eaf7570522cb18303e2a759e9143af4b14bb50a94958

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 10e9d13c57ea2351af35317b5fba7801
SHA1 e87c777d16bd06aabddf9180bb7a5d6e1e86da20
SHA256 baf1d59c0030a32367584d00f2e9125182250a69fdb1e4bc56262c2627e93831
SHA512 6e6c6db494ac243e3aafc61c0f2e35be270c6c52ac4a1c1ff16b451030889340c7a536585331fb736f844a930796f1a80d281379d9f7f19522ae8b82b87ed9cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596335.TMP

MD5 62fa197ca6d20a82674ec5c579bac4eb
SHA1 630b00d8d1740c5aa25565d587e1b659738093ee
SHA256 c9b99dddf679d90690d9f3b65c0bbdf0cf0830b92db0661daa722a6b86814320
SHA512 8fa058b1dad0207d2ddfe1bfe9774d3cff0da50c23e85c9027588dffe4967b194b104878f71c174ac5c084aedd388ba82a88b880b68332623905497e9e4d46d3

memory/5176-636-0x0000000007DE0000-0x0000000007DF0000-memory.dmp

memory/5176-645-0x0000000007DB0000-0x0000000007DBA000-memory.dmp

memory/1232-674-0x0000000000400000-0x0000000000488000-memory.dmp

memory/1232-681-0x0000000000400000-0x0000000000488000-memory.dmp

memory/1232-680-0x0000000000400000-0x0000000000488000-memory.dmp

memory/1232-683-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6c4876455d8c88eabdefe22e01b220c4
SHA1 3e8f3973415071f563f3708a672686deed432df4
SHA256 a1245a666e62c8629fd233de46a6f4d51feaa7bc4b49920ef9fd1b073460472b
SHA512 871f920233f39921c1abd758e11551ac9e4359ca0876a6eabf239c77ed3cc2e52d26087c4d731b58183fb84b77297682741fb5b74f3e2e7cf645a403b127acaa

memory/5176-763-0x0000000073610000-0x0000000073DC0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 827f9c7efe81712a1e61a10ff3e94fa0
SHA1 6e279ea2404b7b5b35a0f2a54aea9179ce04a6b2
SHA256 6005e92ea1bd35a475fa27e1a6c75bb8ed041a7ba17b09ac0c7eb733deab2716
SHA512 f05c1522ed5b6e16d7f7cbca4052569afc071d52b26e88536e1f68d3325fec521c52d96ff7981ae956338d7c5bf27cf30d60fd165d2a4844688b393dcc9b7f3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 74cca8a79a3fe9f168734bd20713c732
SHA1 6f6e4d1224e6f30a08bf6e4cef5910722ad2b2a8
SHA256 eeed0521745df2de88c74e682ca148f0c10163dc7b94a00caaad284f3d8e79dc
SHA512 b9689650a4764514643d6523fc6ec4bdd84e010ac8d8c2e577f855c1cff4634cc378e660a88acc1940468634a2921b9ad6e27b7f27ea973867e494cea857194d

memory/5176-828-0x0000000007DE0000-0x0000000007DF0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a1e07c1167c1c577a59ca296678edf41
SHA1 2b737d65ac3fdac46dcdb1c9d5425ac902a0ffca
SHA256 67256a3576139a8182243addc83a3aad5e85a825ed621b16736ec393fe8dfc4c
SHA512 b2efab182c3fe6d02c1d16003d00200a2beaf746857c96417ad00a8cf45eb6159c7be33bebbd07bbb4ca32257eb76e4f309f079f55ab29bb978e356fb26b9fff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 23a32472f22bcb24dc40a226f0b4b970
SHA1 f357329d5265d3ca8e0dc30fa22082ac1af72c68
SHA256 583daa7ed9f91691a6aaf589fb7ca18d951f05fb10c8b46e7d3e42342e9aa5fa
SHA512 acf7dbf5d749e271d0725fadcad3448a8cde73c1e4f1265a8caebc073a8ebd3a597dec179e93bce147bf8f1adc9a9c6558d4fe5a379eae9e0d0751a8bccd8c13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e54dc110598417f9548d381b9c2b230b
SHA1 75b9b2c3f9e25e3fd141eab04311af69e3dc2932
SHA256 003a9ed1154d783d02ce09a9af0af78fa7674a104645e9e06331dbd3a8b74caf
SHA512 d3c6bd1ed2fe03f6244a309a2c33ab950857f128ce5917f47556296b2394fc2bbcd9be4681f3849365262bf411d3d7a4429334543f8104a88892691c3db6fdeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 80f08339fe57be5f09d549e43f34ae0a
SHA1 c195f0eec216620f1cf203d783b1319e1a38bb51
SHA256 28c318ce564fb3099178677a5abd6cb07d3cd78ea56a89011a938f4633fcee9f
SHA512 f0421567a9725f6790dbd129950c2196837973fe4ec6e8d50a4673e09d5c87fb1486bc1971f864a5ecfec6e7bcd4bcdf39be77e87084192006d0aec36b3abaa1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b03196ef618ca963cfb320b5be3ac011
SHA1 34a064519311fb769c35369519a906759f9a911e
SHA256 435e4d6d083400d7068c46c157b8b4ed0e66fb6bb0cea5972c42affc2c1f378a
SHA512 da2e31e373f7fc8acaa320ae5bab9d41d85c73259827795690836827b922834e1b667087874dfca5ff99922cab8e64799ac5e18f5bf373272dd78570cc593b6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b509642f701ef3fd97f73902eb704f70
SHA1 09e19ef155be90ff25402a52c83c07fa7832aa4b
SHA256 decb089506b0212d354f19c8f253e42f6c13f8b748cf51ed1f611f7a2ed5a6a0
SHA512 d1ee47fa91afb07ca16b3d3863fe963b05505d79c814e3870368ad7b9cf1d8a3edd904052e0790965a1bc9e1425546a4615ae9f96b34e995d637115ca2b10841

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8f1d8f1db937ad80621be7586bd302ba
SHA1 972dbb794cb86083370a457280be69ef8d6dda1e
SHA256 7a91a384c9631ee856413dc26831cba8397a966bac2b123c04d786d1848eab54
SHA512 1893ca8c891ca8cb32121551043311fad0f5a67e0dd391fe50252fca851f13784829c9b1f682a5d2a6cd7ca6e2fca9e93cfc4d3450e485c6765b79fb4103991e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\072ed29d-60eb-4059-957d-9ecc2088ee4a\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 2beba85ee289e705a20257341932267b
SHA1 bf9690019f3c512a52e248da856a653af79f68d8
SHA256 d2acbe36d2b0cc10236e2cd13254f31542a840b7e07571727fec0aac73760aad
SHA512 ba6b8c0423ea3961182fcbbf2dc43fb80737dc1e5d53ff94966b7cf17371196f4f14ad251cd1c4ca980bca9967222b691261572681cd2ee3eda590a7b092e3c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5a32c9.TMP

MD5 9fb0582320bbbf31c3bb3dadb1e78f33
SHA1 e04b108277f58a620191bb58259e31738ef49ed6
SHA256 605461b88fef2575fc906381538826177d00f20353598d98d57c9a0c8d35554a
SHA512 1617d621aa01c7576f00c221df1f98fdde1ed7e2d963681f285ab2435850574c15fd29fdec09dd8fd26af9412960ae15e8b83619bbbd3ad6b4e1d9fcbf950927

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 19f4d344a0bc6a71ea7f198fe9619dc8
SHA1 45a83959477e1750f6934ebbbc4ce9c459338b0c
SHA256 07dfea5b9aedcd9bd6b106ec49ac0c217391356d9871fbd6a0e2cd1a0d102571
SHA512 2fb41126039d0bfcf0a8ec8a6021571090ded7232fa5394a045ca061d43e86fe2ce5627929ee93b8135111c9a35158bcca432e52d975aa261cf3f06bdc0ceddb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 27de7224dac374a710e69c43cb306aee
SHA1 8fb8c64a07b5467a1fb9c6ee5a63240136404df7
SHA256 396e3adc97916383df7157bbd6d83403efe40fed7bec97b315314f0ee6d2dd35
SHA512 1589cc3d90eb0948008643f6654866e4b4dd54e033aa3292012d7440ba2523a993ef066f46a0d7741c56605dad91013bf475eb5cd413f3bc2bdbf82847139a2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 20495787ed52eaf881943041d29b3831
SHA1 e5f894aa805d0acd3ab6722ebd6c43e68720f54f
SHA256 914a533d32044dc1d3e49d1c5c45c024741b632a4dc48fec12a2c326b5dcba5b
SHA512 1d85ca0e89641eb7f2b7fc40e3edf05e397100acb276dfdb7a72c86644447c99385f50978b66d41163c95ac953b7b8cd7c30ee1b3c1783c28d0e50dfc3db08e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 278d6122632d6037410654920dad6e06
SHA1 e0da101a0106b6c465b6b7e3a66feb895b114e1a
SHA256 30c9d2d128f7e820a5b6fa3c370c190285bfeaccbf4b28e9ca00a88e8968d0f8
SHA512 bce1ea87549ce448873b1295cfe058840435f9d5493f34c395ac2c1db9a306f68e6cd3e9222b675282ce59e0982e0a02b8205ebd2b3455a90623c1485f0711fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a84e1.TMP

MD5 85b5d3407cab5a738812054601e504f4
SHA1 fef53c6cc57868555b0d9b6b1f4c8c43256ec23a
SHA256 6bc6d82d03e88043f926f6187c1d535b839fe132b1aadb3b0ece98a37ecf64f6
SHA512 2f0559c977047660b282425a03469b788f526128a3e6280d7a75fb143b4422029deb09b6ebd65d3c60cec3e4c2b3b3094e32ba52893b0b2aacd7441881ec6247