Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-1h3jxacd54
Target 4961166029f71379efae4a6c144152fa9ccce45ac0aaf0e444133a6c43bfc4a8
SHA256 4961166029f71379efae4a6c144152fa9ccce45ac0aaf0e444133a6c43bfc4a8
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4961166029f71379efae4a6c144152fa9ccce45ac0aaf0e444133a6c43bfc4a8

Threat Level: Known bad

The file 4961166029f71379efae4a6c144152fa9ccce45ac0aaf0e444133a6c43bfc4a8 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

RedLine

Detect Mystic stealer payload

Mystic

RedLine payload

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 21:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 21:39

Reported

2023-11-11 21:42

Platform

win10v2004-20231023-en

Max time kernel

5s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4961166029f71379efae4a6c144152fa9ccce45ac0aaf0e444133a6c43bfc4a8.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\4961166029f71379efae4a6c144152fa9ccce45ac0aaf0e444133a6c43bfc4a8.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wf5Dx09.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\IN8rm74.exe | N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3344 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\4961166029f71379efae4a6c144152fa9ccce45ac0aaf0e444133a6c43bfc4a8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wf5Dx09.exe
PID 3344 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\4961166029f71379efae4a6c144152fa9ccce45ac0aaf0e444133a6c43bfc4a8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wf5Dx09.exe
PID 3344 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\4961166029f71379efae4a6c144152fa9ccce45ac0aaf0e444133a6c43bfc4a8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wf5Dx09.exe
PID 3092 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wf5Dx09.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\IN8rm74.exe
PID 3092 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wf5Dx09.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\IN8rm74.exe
PID 3092 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wf5Dx09.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\IN8rm74.exe
PID 3196 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\IN8rm74.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe
PID 3196 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\IN8rm74.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe
PID 3196 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\IN8rm74.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe
PID 2944 wrote to memory of 3948 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 3948 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4560 wrote to memory of 3236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4560 wrote to memory of 3236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3936 wrote to memory of 3852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3936 wrote to memory of 3852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3724 wrote to memory of 2984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3724 wrote to memory of 2984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 1036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 1036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4961166029f71379efae4a6c144152fa9ccce45ac0aaf0e444133a6c43bfc4a8.exe

"C:\Users\Admin\AppData\Local\Temp\4961166029f71379efae4a6c144152fa9ccce45ac0aaf0e444133a6c43bfc4a8.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wf5Dx09.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wf5Dx09.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\IN8rm74.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\IN8rm74.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10fO62lb.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffb656f46f8,0x7ffb656f4708,0x7ffb656f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb656f46f8,0x7ffb656f4708,0x7ffb656f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb656f46f8,0x7ffb656f4708,0x7ffb656f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb656f46f8,0x7ffb656f4708,0x7ffb656f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb656f46f8,0x7ffb656f4708,0x7ffb656f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb656f46f8,0x7ffb656f4708,0x7ffb656f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15337388206618580239,723768317919985990,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,15337388206618580239,723768317919985990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6825076350166044802,12507398674212827790,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6825076350166044802,12507398674212827790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffb656f46f8,0x7ffb656f4708,0x7ffb656f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13563950478066586679,7815633440307809874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7ffb656f46f8,0x7ffb656f4708,0x7ffb656f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,17683246751926757626,1842699573823709321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,5444681218734479140,9230758117328215034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb656f46f8,0x7ffb656f4708,0x7ffb656f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb656f46f8,0x7ffb656f4708,0x7ffb656f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11oz7579.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11oz7579.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12XX448.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12XX448.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6720 -ip 6720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13ui612.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13ui612.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10603415743785780400,18437174684068132892,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2844 /prefetch:2

Network

Files

SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 69f57fe2766b1734c20dd89a372f7896
SHA1 ce5b582c818521606d1553d4293df57ba94630a3
SHA256 db34368e19306292766b5f2cf87d0e558f26faffe12fab557611ddcbf2e35c0c
SHA512 f7009cbc25851237dac678625f3386c5c410bc85bcc63a768a56f388047644ee3cf9be54f778e99f81c99a3c94f3000d27bf7b3e2154522c925c7e45fe15e8a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585e86.TMP

MD5 b7f0fbb511519169bed205f7290d8ab8
SHA1 b19893ae08d3ad42b28a6c11719996268989ef90
SHA256 f4038e236581bbc2aa77a1a83a4289b3a97251b21d435d79be25e0d743745a60
SHA512 d26946610aac19be0efb5986ca4a35a5f5144a92463b2aabddec3bb1ff97ea2962457c71f23d587f5b2cf1eacdf731420a919ffc43018a8267d6bd41dbdeda9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a405dc898895829eec094fd09afc3281
SHA1 4279ba1af4f17b1c349b52db0ae8492d5bbeadbc
SHA256 545692b17208a4c5a5d2046b6c9eac23ddee151ce03d9b20834bdebddb99ed15
SHA512 c2f046fba8cdc0c51c754a773ceac564a4f2a9236836500e97445384e80ec801a02fd3c60e8619053b9cdec417aa8834c3c111bbee90fc16b558688e8aa3e4e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 1805113235a2b016c7f932570a05319f
SHA1 80f035607f31f9a6f5a2adfa4c802ed8dc34bbcc
SHA256 93e959f6e96aa7d6d4475cf7bf83cb1892a229f78bfa37090f48ece4316c86b6
SHA512 8ebf784dcf74517d9de511f39fd8707c9face6a7baf2642dde08c47cc6df341e6ed08ff59af6789d9ae4fa9b7d5da4fccf86d5990d2d7c1867eec565c9cf2082

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe587d49.TMP

MD5 00dbc3d0d02eceee52aa87ebd0c2fa11
SHA1 7773ab323bc5dcd28852a0b0383bb573ee526525
SHA256 c80fc68f3bac99555e2aa42b72bbc76c453d6a398e5f779f8fdb99c94b31661c
SHA512 48767f4d3276630d2a7425c6edaf499454d4ecdcce67f3b1d4569d876d8b28312584e7c7770e8458100402f11940c7df545c3e2424ee15f894bc57b313c26052

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c7c7f1589a0e0cddefe080ff3383dc95
SHA1 d0dd634530a16d3afa0087e72e9656a1da6e566d
SHA256 f028ab89ac60951fd5f9bf689e2bcaf0e0d2e14084446e375d80e1afa5aebe89
SHA512 f75bdd46ca327d70a78255054bcd61bbf7865c41f90315c8ef315df879b57612a9ceca5d4c53bee904f492678f75c3770210cfe9bdde455d312a93724494d15f

memory/6988-889-0x0000000073D30000-0x00000000744E0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c97092c8da03b962330d116d48c027fc
SHA1 15646c8c06855d3ee1b3a3e74a51c4adfbb41f45
SHA256 7d1bb4fd4c4efc0b85a4580a6677280ab29bbc7697fda04f47636d839646301d
SHA512 7b4ec75aa2ca45575a41ea98cb95c91725063516bc4a37827f54832bebeb75b9b8384e7ab641ee8f1468701bfb017065f5c256b396cc9e91de02c8d3acb67eb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 135e3eadd9f385d62554691f5fc532ca
SHA1 d2848d12de72bb0c4f763ebae71d456409d1be72
SHA256 4ffb9ce36fdc55d53a3979dc2aa6a570fcbf8edbf12b20a384780cdbfeea9a9d
SHA512 3e51c5a416a63293323be9f8573de64640b30ae95211f58edc1654492f4b83c78eb6a7b8272b661b8ecf0810ab3f8c3d71be54e1b0cfdfc07bbf0523f660b099

memory/6988-1019-0x0000000007C10000-0x0000000007C20000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 374d4d58dbfddfcef7259e4f62045cff
SHA1 1a511e699a15355a5e18b9ec8ceb4eb3f37846f6
SHA256 3feb79eb3e93728ef9965f7bc0b6306a5d4b8d3caa425d8cb8483853894a8bd4
SHA512 50822d30febbfcdf897e3ff740fe55a8d0ed14398803a7cb374ba0420913cbc541b01f7e8b3a9c259004455d35d69f3f690d2c9765dc5559631ff75d7c19b4a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8fcb42097cccd93b2f230ff9916d6751
SHA1 aba4e29bccfb9bcac32e162077a42b1080c52c9e
SHA256 f2570d786e1ace3b1a9302e98a28986b207fb280e859a8a5cc896f57090f8fb6
SHA512 bb0cac58ab3385b382e8c48c6311e697ff3484a749e735506e613383985102cd7beeed8a5c3a5b7eb9aa72b8f01c7ca86677a09fc8c137586999e9be4bd58682

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\39e6edde-7eb2-4726-9ade-1e28f5aa9a6b\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 393bf9484687ed8e1fa83880b2034350
SHA1 1d2d7114291e00403b70c259fa442b49a9c32963
SHA256 4528cfcc3dc192aba3fbdd4350e8c775f1cafe65fccd7030d89968fbda9d049d
SHA512 fce87a115dea172db61dfea7c22ac7bb574daed1b8da7ed34fee910c817191a96480f48d6cf34cdbaa9f9022a4f4632a7d1069d6fb96bb67b360696fc2267123

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e8a56302362685567299f766af03ce8a
SHA1 6cbe2d791bf271add73ef9a4647409911e3c79ea
SHA256 3a6f12a9409fd8cc5bda37b054e99289cfc707929570a0b689bac59882509fe8
SHA512 0d931148964263733cbcff55617426f5b4d02544b6a128ef3f282ab03d4c1ad13db75c9e90a8e1001f1d04309d7e5a82fc5f6d4415cf18e67810fd2d1ea8ce0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\2098f56d-5248-42e3-b47c-6116d8b1fc6a\index-dir\the-real-index

MD5 e89f3f9f0cb7e41eafcf0317fe3d213d
SHA1 60864abac6ff6c438618d63f6de344c6f212d24c
SHA256 1232dd292432f03c31f0b2b1d4f0c1885dcf190a31369ea92c22e978ece4e561
SHA512 f505fac1742fe7a81937809bb9ea13764a559f7a579d286d2c635fb798c62a3442788de03aede1a6f66da0d5af1c8ca8aa4142e12d5359d539b3fa5e85f60d46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\2098f56d-5248-42e3-b47c-6116d8b1fc6a\index-dir\the-real-index~RFe58cdda.TMP

MD5 25e12ee70a8dfeb70f408acdae4e6011
SHA1 20eeeff8dc740e5b250c81b8e8be1fb7b9320808
SHA256 0b1bb24b7462b4bc9d68bcbc679a9345e974c37e22c10392adc0efed28d17803
SHA512 58a2d68a2dd3265120c5fde9f7fe29051d1cf10e2ad3d2ac549690e10c8cc018a4d025c530b34293d9d0d116fa4681ee823028ba31eca2be5ce892dca9126d0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 160d7abe1565d2ca37f97be971dc9ae7
SHA1 1e33b4ca624a566ffa4740273b50b315fab12166
SHA256 a12874a754fd9258f2f5354c4bd3c5858e64d247ee7f97201770aa3130607bb0
SHA512 bdf6da6a1ace27dd1a5b58bfa5cca23c24cddf39c80c4f2f55d94fda14048d667dac662c941c59163bdcd6f18c3ed20c81480733d8bbf173814d30b091a7b389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a84163fbd0d3f7ef0fa374b0459517bf
SHA1 ff7503e0a48c1607b707d6a769e8f60df243531a
SHA256 b19f2e2bc43ecd3cccd72d4aac57fa18f899056768790fce384b8059d3c3078e
SHA512 a0921a53887d0ae9ec5e9452174fbd59dc445bd3d6e788ef1b31f4d133a947d389cd98bc59fda9fb51de407582a312a08885fd56cdf05847bbddf0cedfcc7ddb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 7c85f8108223089545aaf32fc472e882
SHA1 240d1eb0426e7ae851ce5576c41c8291ee265ca8
SHA256 9ea213b61d53edeec258ca423de8292d69f2dcbf151cd266186939eeaf7679d4
SHA512 816a8029c5289aabc51c8e2af819b37bf933e83b55b7b64a4e133076a4491cc1234207703f8f4399e90380595f17973df5861299fb12c093c06f9c9cebd81caf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58fa88.TMP

MD5 c94f9ae84a25076057180e7ee17fbf09
SHA1 f1383a6b59335297e5f39e0365565093f0df9e43
SHA256 50e99dd48b3ea48619562bc6df17587f171011c4304bc3171075bacee478ee98
SHA512 a573085ec2426defc9a4008ed653540035eebf557da869074b3b0691f3818ed4b2ce8a2b061d751d739fc3012f54770d452a1cff7ac8368f326a1e6b99af6bfe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 12cfcb5e38eb73f97fa717f77d274281
SHA1 2e89e05b33d9682bad226365693179e38cc50b0f
SHA256 e9ecf2f8caf21e537bca2763b863c11abc18004adc72911c8661c77c5e9b89f3
SHA512 a82d6d72f0f1aa72070406cee66f3009651d7766d4b8dd0ea0bf1f510dbce64565b1544aeee5386941c27a1bb5825f76a531104e7892d1a69355507a233f9414

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 26731468b7c27322ce2e6fe5870b15a4
SHA1 596ff91166abd0d5ebcb3f15c287c38a4a59da3c
SHA256 246ed97fdb9f1639119eaa92f862e874da5780c0c503b2e944e1d1bc7498e3ed
SHA512 7a004d41f70d960a6c5e676f3ff7bcbe8204334537927c518a9d0a8184710ece72b3f197c935821a4d07ab818da3f223c3100c89ce9d70b79017c823b91e0381

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\32599b93-0b33-4dcf-8e79-e073dc7ef948\index-dir\the-real-index

MD5 a46d19cea40309374cbfe3101ff36f4f
SHA1 52cc5f9b1e49a454bb1e8a97621c7865b8ef6ede
SHA256 0f5f02ba4574c457db126247098f9964efb72012dda2311c51bc2fc189396ec2
SHA512 7a19c393b01436c0fb6bcf19a0b57fd5db351ebb7d0bdfc8733bbf9bd6fba4596fd57594cbbe78fc03cc6218ad5e3240391fb805458f1f5c0f4df29d29c96496

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\32599b93-0b33-4dcf-8e79-e073dc7ef948\index-dir\the-real-index~RFe591311.TMP

MD5 ce5da7b8b5206a52ad401994ea183389
SHA1 6d1f4e70ffe158b7b8922050262d50dc2bca0aa3
SHA256 c6ed2c55c27ca72269c835afd2df42e9d2b05cd0478314a7a48727f20a531b31
SHA512 372c005dd54071d3b2ef0d9f345bb83e15fd1784fc80df03e577ff39e9aa37a861cc94885d11bce20569b2d5fe616db68d7e15dddf9f49c323778fcab603a8d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 505f3c41ca1c3175797f568ccb1e025d
SHA1 12ec7fb76db074432a9bd7b311213d99e212ae0e
SHA256 2afab62961472ea4f5a14669c47fd87de04aeafd3aacda695c48684e200e1dda
SHA512 362ae9e33ce5f56a6d6802307051cb866d33632d5408d35ea03cc51696ba44af3177fa543f06c2703c47e10b8e46815fd2e0d864b0b4dceb28dca2a84ffdca02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\463d73c5-5577-4f0c-a69b-0860dafd0ac8\index-dir\the-real-index

MD5 ce97cd5a06bc81ee3583282ebc1160a3
SHA1 0ed679d516e52b31fb261e93d903b96f6c722a96
SHA256 61c75988fe0869cbd3f05a9a3957f76879dd5a51df3869199902d845e2a70db7
SHA512 774cd1fb3d3fd30d10519dea47ee8c7ad30b88f32aee5797cb729d367092b1d2c44d99394c11a072786b27fed297d20dd7c5f7b0359ea650e843f47a9596a776

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\463d73c5-5577-4f0c-a69b-0860dafd0ac8\index-dir\the-real-index~RFe591999.TMP

MD5 42857a3a4e82eaf93e4e1aa5ca1d23fa
SHA1 5f84450d42a411fda31d997425c3e687d0b0547d
SHA256 c71f7856527a285c58c40edfc70fe171d6436f07151d1d00d199e5aa637afa0d
SHA512 aa44da029f1957b5d958eb87ba22c0ecdd2a56883d41fdb0b20ede4ae2d57d7b468bec40d9fdee694e89490cf70c49e71163ccf5f7d9cfd3b17a8ad4c246968f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 f9a7144a8000137ad0a3a70a49980560
SHA1 eb6faac4789470667bfbd4c8e3cad266e6624adc
SHA256 28a76c3b20ed74490ef5965d1b028cbc55403f1d3634609cd6aa4c6fc48af67d
SHA512 589064a72fd112c9d88dc1535a0ff786ba13ed7f7b0192427ecd964935b431ea51416f7cd17cf97b3b8a2836ff53dcbfd8dd10ada0040bd0d8bbf57e89051c7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 016ade55dabe1b02772e9cecce67f397
SHA1 0bc1fb42399ee3ad5061d6e2eb8b67d0196b76a4
SHA256 c8f6aab91ee535e1e98e5e7b2a07750c8e6010d9181903096c6c99357f7a13b5
SHA512 8f91ce19734b565fa22e09b1801fd2a8f71fa2d76731c5260cf6631d74b4c51ea61f29717af0b13c5fc73d284262298af8d520ad6efd9847d5714d9475c100a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3b89c5f79c39dd7e9917470cc074685a
SHA1 81a7d29effddba90b08985965159f648785c90c7
SHA256 96689ed099f54be6a8c250ed59defc8412e09ebb3ff7c283b8471cb8609ffb16
SHA512 971e844719e6fefe6eeabb53cdb6effca073fac3a6fc6eafd4f731b35c829571723d836281f110daaa215d67ec13c7f522c6909b5c3384d87b89a075e3268176

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d5da36a8ff38c9b76f329756a65758d1
SHA1 99fcf70dd8875bdd30ba72670d5eec8de1126d38
SHA256 c351dd535286dedf34548e07878e6975817d7ae54359367cda424c3d6362b88b
SHA512 f99b9a8b2175dc415deaab49fea9390a6d303bfae46c07c9f2cfac62839e44e6969bdfc90cb434ffd812747db0fc131e2516379b707be1b3bf4d644454597aa1