Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-1xfzfsbg7w
Target 83151b3ced49cfbcf3c1a85705b341a33a44493c016f0ca04cb85fa302f7a6cc
SHA256 83151b3ced49cfbcf3c1a85705b341a33a44493c016f0ca04cb85fa302f7a6cc
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

83151b3ced49cfbcf3c1a85705b341a33a44493c016f0ca04cb85fa302f7a6cc

Threat Level: Known bad

The file 83151b3ced49cfbcf3c1a85705b341a33a44493c016f0ca04cb85fa302f7a6cc was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

RedLine payload

RedLine

Mystic

Detect Mystic stealer payload

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Unsigned PE

Program crash

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 22:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 22:01

Reported

2023-11-11 22:06

Platform

win10v2004-20231023-en

Max time kernel

147s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\83151b3ced49cfbcf3c1a85705b341a33a44493c016f0ca04cb85fa302f7a6cc.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hu5ds84.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\83151b3ced49cfbcf3c1a85705b341a33a44493c016f0ca04cb85fa302f7a6cc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZT3jI61.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3976 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\83151b3ced49cfbcf3c1a85705b341a33a44493c016f0ca04cb85fa302f7a6cc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZT3jI61.exe
PID 3976 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\83151b3ced49cfbcf3c1a85705b341a33a44493c016f0ca04cb85fa302f7a6cc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZT3jI61.exe
PID 3976 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\83151b3ced49cfbcf3c1a85705b341a33a44493c016f0ca04cb85fa302f7a6cc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZT3jI61.exe
PID 2000 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZT3jI61.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hu5ds84.exe
PID 2000 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZT3jI61.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hu5ds84.exe
PID 2000 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZT3jI61.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hu5ds84.exe
PID 1932 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hu5ds84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe
PID 1932 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hu5ds84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe
PID 1932 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hu5ds84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe
PID 4476 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4932 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4932 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4032 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4032 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4620 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4620 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3288 wrote to memory of 2804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3288 wrote to memory of 2804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 3564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 3564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\83151b3ced49cfbcf3c1a85705b341a33a44493c016f0ca04cb85fa302f7a6cc.exe

"C:\Users\Admin\AppData\Local\Temp\83151b3ced49cfbcf3c1a85705b341a33a44493c016f0ca04cb85fa302f7a6cc.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZT3jI61.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZT3jI61.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hu5ds84.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hu5ds84.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb806a46f8,0x7ffb806a4708,0x7ffb806a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb806a46f8,0x7ffb806a4708,0x7ffb806a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb806a46f8,0x7ffb806a4708,0x7ffb806a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb806a46f8,0x7ffb806a4708,0x7ffb806a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ffb806a46f8,0x7ffb806a4708,0x7ffb806a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb806a46f8,0x7ffb806a4708,0x7ffb806a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb806a46f8,0x7ffb806a4708,0x7ffb806a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1557075184443209356,6001526811908534191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1557075184443209356,6001526811908534191,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,2254613271185166853,1453267777177092483,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb806a46f8,0x7ffb806a4708,0x7ffb806a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,2254613271185166853,1453267777177092483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,7818239071946530030,11140613305526755208,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,7818239071946530030,11140613305526755208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2513792706505644211,956140111479808206,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2513792706505644211,956140111479808206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb806a46f8,0x7ffb806a4708,0x7ffb806a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7494148614873681425,15695977652885777412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,6036245595700720713,4281488295817384856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7494148614873681425,15695977652885777412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,6036245595700720713,4281488295817384856,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb806a46f8,0x7ffb806a4708,0x7ffb806a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11dn5057.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11dn5057.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12gQ635.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12gQ635.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4000 -ip 4000

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13eR368.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13eR368.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15380261376342036012,4797656380310210679,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8700 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 store.steampowered.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 18.213.74.63:443 www.epicgames.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 63.74.213.18.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 172.217.168.214:443 i.ytimg.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
NL 199.232.148.158:443 video.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 192.229.233.50:443 pbs.twimg.com tcp
US 104.244.42.5:443 t.co tcp
US 104.21.53.57:80 killredls.pw tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 214.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 5.42.244.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 22.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 192.240.110.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.72.252.163:80 apps.identrust.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
NL 142.250.179.163:443 www.recaptcha.net udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 8.8.8.8:53 login.steampowered.com udp
JP 23.207.106.113:443 login.steampowered.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 126.210.247.8.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 216.58.214.10:443 jnn-pa.googleapis.com tcp
NL 216.58.214.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZT3jI61.exe

MD5 9d53a185b9943c0251c21b4d8abeb068
SHA1 5007d43a663337b9589173f4bf18b9dcbd2ae64c
SHA256 2e1d47d0f571141016eda3ed2de51a0d2be986ec99de8b9b8d960e4d16462549
SHA512 b688b8b4bdc4950b8b4f80df0f6d08df7c36f77d72163201bb1a9ce5ef7dc5e6b1ae842b1e5af6fee91662a83183f5002e24fb919a90ef548cdb88bb26026432

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZT3jI61.exe

MD5 9d53a185b9943c0251c21b4d8abeb068
SHA1 5007d43a663337b9589173f4bf18b9dcbd2ae64c
SHA256 2e1d47d0f571141016eda3ed2de51a0d2be986ec99de8b9b8d960e4d16462549
SHA512 b688b8b4bdc4950b8b4f80df0f6d08df7c36f77d72163201bb1a9ce5ef7dc5e6b1ae842b1e5af6fee91662a83183f5002e24fb919a90ef548cdb88bb26026432

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hu5ds84.exe

MD5 f9cc25a9c1fb4cd734423a7563aa6404
SHA1 840426b1ae1a7e5470482c9214f53b88fba1afe6
SHA256 9ea34e2790ebbe0bea4c06b573607bf9ae39fd73fc4e1a601c6f7320ead8edc7
SHA512 96b6a872763318be73b944dd8ded9f759cbe362d73ac3f2ab1bb68d6b104a9f65deaebb7822d07057dff639ff8ea1c595542eadcba47b1805db354548ff5e76d

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hu5ds84.exe

MD5 f9cc25a9c1fb4cd734423a7563aa6404
SHA1 840426b1ae1a7e5470482c9214f53b88fba1afe6
SHA256 9ea34e2790ebbe0bea4c06b573607bf9ae39fd73fc4e1a601c6f7320ead8edc7
SHA512 96b6a872763318be73b944dd8ded9f759cbe362d73ac3f2ab1bb68d6b104a9f65deaebb7822d07057dff639ff8ea1c595542eadcba47b1805db354548ff5e76d

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe

MD5 3f8a130d26d41931497f2a4409288c9a
SHA1 4a8a4d383a7c245c141b4897f8ef10e03e8333cc
SHA256 7e3a34947cd7e9d209c8258bc09bd7332e9d19817f54d7885d070a027e14bdde
SHA512 d6e8b2f7ba3ee060977e63675dcf57a72cbd695e9c3cb8f2071d4fd3cc3532dfc0c8ed8eb7f37047be784ead9b44d278b9bda13d716f57f61702f7359f424f9a

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10bF50dE.exe

MD5 3f8a130d26d41931497f2a4409288c9a
SHA1 4a8a4d383a7c245c141b4897f8ef10e03e8333cc
SHA256 7e3a34947cd7e9d209c8258bc09bd7332e9d19817f54d7885d070a027e14bdde
SHA512 d6e8b2f7ba3ee060977e63675dcf57a72cbd695e9c3cb8f2071d4fd3cc3532dfc0c8ed8eb7f37047be784ead9b44d278b9bda13d716f57f61702f7359f424f9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

\??\pipe\LOCAL\crashpad_4428_LWYAQTLPBGYLMDZF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

\??\pipe\LOCAL\crashpad_4932_PPLEKLFECRSKUSFG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

\??\pipe\LOCAL\crashpad_4032_RPUWGJXKBHIXPPRB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8ba697df441c9a211e39219b9ba9a699
SHA1 55f20ea8a3d822f07480ac4456a81d6b2a191ab3
SHA256 e6a431c9d8278348b9f082ca0ebb4cc47dc5819ec7836b8c4163e6125eb4803d
SHA512 e9c2026f4367d0a117451dd793866c102a23fb82cd1a880603dfeaeacf40e60887c284f18c58e16339414b7ff88b89ead658cbb3a424507709ccb23de29a8de7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2515ad485c8fe6f8cab99141e832f11a
SHA1 e8173c7718b3d04989d1637266dcc945becc938d
SHA256 3d594a914e40c87318b4d7018ff8c7b1507cd902315cfa4177e7c9ee319b6a1d
SHA512 c3c87521923fd937e9029cbb637ee4afbcd21976cdb8d37d71ea0c95d66b02b39d229cf5410138c67a1c4b93281ffe797738ecba83dc454d6b82640236316420

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3c7645a8b5661a88f2055c0808277a24
SHA1 16188e62e30a3e1246e474954e185941d52484ec
SHA256 4e1065707ac390066fbffcc961103101aa1956275660067a7c568a9c95635ac0
SHA512 cae1b746753fa390b1b536976fd8dcfcfb6cc51e20a084c18817fdaf9f053d2fd1b4cf703aa2bfb5583d4aa5102b45f3199204d91795641c2df13d4315582bc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8ecdde4c-0514-4547-988d-927f047182b1.tmp

MD5 6e6dd7f8829c385424b093e3d9b9009c
SHA1 3f29f1ba8997ca738e6c122c67a7f11a35a03375
SHA256 5263ccf5052046132f995c434f95047b0fcfd0a75e5a39245a8dd92d9f419f7f
SHA512 2480c5f36c45cd2ff2a404ecb46106cfa22f4504709ffb0bf3dec6071812285664f5fcd1b09e82ce8de65d0ebee649c3e17a0fb9d79d7c6f462005cb3a805e9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3c7645a8b5661a88f2055c0808277a24
SHA1 16188e62e30a3e1246e474954e185941d52484ec
SHA256 4e1065707ac390066fbffcc961103101aa1956275660067a7c568a9c95635ac0
SHA512 cae1b746753fa390b1b536976fd8dcfcfb6cc51e20a084c18817fdaf9f053d2fd1b4cf703aa2bfb5583d4aa5102b45f3199204d91795641c2df13d4315582bc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8ba697df441c9a211e39219b9ba9a699
SHA1 55f20ea8a3d822f07480ac4456a81d6b2a191ab3
SHA256 e6a431c9d8278348b9f082ca0ebb4cc47dc5819ec7836b8c4163e6125eb4803d
SHA512 e9c2026f4367d0a117451dd793866c102a23fb82cd1a880603dfeaeacf40e60887c284f18c58e16339414b7ff88b89ead658cbb3a424507709ccb23de29a8de7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2515ad485c8fe6f8cab99141e832f11a
SHA1 e8173c7718b3d04989d1637266dcc945becc938d
SHA256 3d594a914e40c87318b4d7018ff8c7b1507cd902315cfa4177e7c9ee319b6a1d
SHA512 c3c87521923fd937e9029cbb637ee4afbcd21976cdb8d37d71ea0c95d66b02b39d229cf5410138c67a1c4b93281ffe797738ecba83dc454d6b82640236316420

\??\pipe\LOCAL\crashpad_3288_WWWVHKCUTUFGCCUA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f1329aed7b5bd07b0846a607b38eb340
SHA1 ba360eaa8ddfb8df1268dbc3a894c271dad56a2e
SHA256 814e65f5c0bcfc6e25dcc2bd0d496bde67e9482699b196074682d68c58e65f15
SHA512 825dcf851d50482de10e7a1d1d92faee850fca60db6ba0a18931593bb27729371bbb867fcd91aa04f52baa8088ba825edb061210dfbc1c53b15c9a3af633c2aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f1329aed7b5bd07b0846a607b38eb340
SHA1 ba360eaa8ddfb8df1268dbc3a894c271dad56a2e
SHA256 814e65f5c0bcfc6e25dcc2bd0d496bde67e9482699b196074682d68c58e65f15
SHA512 825dcf851d50482de10e7a1d1d92faee850fca60db6ba0a18931593bb27729371bbb867fcd91aa04f52baa8088ba825edb061210dfbc1c53b15c9a3af633c2aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 afa08302bd762367736342071dddbf34
SHA1 6e09326d07ad71705b69e62893fedfebf7c073ba
SHA256 08388f71d82af192123178f746fbb36f5bfac5a54571bebc57281479f8d9ca33
SHA512 2afd1f06d2b95e172e28781b3b5a997f51c2b824c8c91fa98f07ddd3105be5c9eec544df810eae41e18e8e07ba98a703a1e255ff25872c9667fed9aafab59895

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e6dd7f8829c385424b093e3d9b9009c
SHA1 3f29f1ba8997ca738e6c122c67a7f11a35a03375
SHA256 5263ccf5052046132f995c434f95047b0fcfd0a75e5a39245a8dd92d9f419f7f
SHA512 2480c5f36c45cd2ff2a404ecb46106cfa22f4504709ffb0bf3dec6071812285664f5fcd1b09e82ce8de65d0ebee649c3e17a0fb9d79d7c6f462005cb3a805e9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8ba697df441c9a211e39219b9ba9a699
SHA1 55f20ea8a3d822f07480ac4456a81d6b2a191ab3
SHA256 e6a431c9d8278348b9f082ca0ebb4cc47dc5819ec7836b8c4163e6125eb4803d
SHA512 e9c2026f4367d0a117451dd793866c102a23fb82cd1a880603dfeaeacf40e60887c284f18c58e16339414b7ff88b89ead658cbb3a424507709ccb23de29a8de7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 afa08302bd762367736342071dddbf34
SHA1 6e09326d07ad71705b69e62893fedfebf7c073ba
SHA256 08388f71d82af192123178f746fbb36f5bfac5a54571bebc57281479f8d9ca33
SHA512 2afd1f06d2b95e172e28781b3b5a997f51c2b824c8c91fa98f07ddd3105be5c9eec544df810eae41e18e8e07ba98a703a1e255ff25872c9667fed9aafab59895

\??\pipe\LOCAL\crashpad_3012_CICTTGEQGXXUDENZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 afa08302bd762367736342071dddbf34
SHA1 6e09326d07ad71705b69e62893fedfebf7c073ba
SHA256 08388f71d82af192123178f746fbb36f5bfac5a54571bebc57281479f8d9ca33
SHA512 2afd1f06d2b95e172e28781b3b5a997f51c2b824c8c91fa98f07ddd3105be5c9eec544df810eae41e18e8e07ba98a703a1e255ff25872c9667fed9aafab59895

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11dn5057.exe

MD5 8ca0cba3bf969970094eed56e090b87b
SHA1 6863417db3a1e10ce0be8087d8418c5d6e2d1aeb
SHA256 ec6f4984ffce53a54a6f6b259c58df35b8102fdf540b5bb0e9e4d351e3419764
SHA512 c8eb21a984960826f41de0339e731d19cb7f9b6cae022fdd3c70575e91e1a482fdda689361fef8015be08a5f4600f8bfd24b9e23dc02b1f2c3397ee1622f7efa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e6dd7f8829c385424b093e3d9b9009c
SHA1 3f29f1ba8997ca738e6c122c67a7f11a35a03375
SHA256 5263ccf5052046132f995c434f95047b0fcfd0a75e5a39245a8dd92d9f419f7f
SHA512 2480c5f36c45cd2ff2a404ecb46106cfa22f4504709ffb0bf3dec6071812285664f5fcd1b09e82ce8de65d0ebee649c3e17a0fb9d79d7c6f462005cb3a805e9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2515ad485c8fe6f8cab99141e832f11a
SHA1 e8173c7718b3d04989d1637266dcc945becc938d
SHA256 3d594a914e40c87318b4d7018ff8c7b1507cd902315cfa4177e7c9ee319b6a1d
SHA512 c3c87521923fd937e9029cbb637ee4afbcd21976cdb8d37d71ea0c95d66b02b39d229cf5410138c67a1c4b93281ffe797738ecba83dc454d6b82640236316420

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11dn5057.exe

MD5 8ca0cba3bf969970094eed56e090b87b
SHA1 6863417db3a1e10ce0be8087d8418c5d6e2d1aeb
SHA256 ec6f4984ffce53a54a6f6b259c58df35b8102fdf540b5bb0e9e4d351e3419764
SHA512 c8eb21a984960826f41de0339e731d19cb7f9b6cae022fdd3c70575e91e1a482fdda689361fef8015be08a5f4600f8bfd24b9e23dc02b1f2c3397ee1622f7efa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ca5ac3e6ca9a8f75553b4021a67c8301
SHA1 84d7d7e0477e5d6e23e00dd17b2e223e1a5a5c43
SHA256 962f5e09c0649a90155367882d0a76d5c0043bf153fcf4b3c8a28c732ea1aa6d
SHA512 88dcb9a719591943d23ba0726513cb3d3a166abe17c5afa5672f1b58a775bd62b919cce9c97edbd3a5305f1604fd4457423f3839b663f13ce6e1f49d36dfcb0b

memory/4000-249-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4000-251-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4000-252-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4000-254-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12gQ635.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12gQ635.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 71d08f7e9eefda8fd8fa170dfb3c0943
SHA1 6a6fc1d56ee45df3b46c837808c8eb4e36561ad6
SHA256 4120acf9d810df0f3e9eeda0a8d803d50ec3d436d7431f7fbc2ff8a2891d04d1
SHA512 7f03b95cb1137aab33d447989c5e2219cb4ef29b0d743a6a12af4d58ab5a7e2f98a9b06314b3c44dbaa19da37fb094bc878f6c33367fdbc06faee84c0d6682fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3c7645a8b5661a88f2055c0808277a24
SHA1 16188e62e30a3e1246e474954e185941d52484ec
SHA256 4e1065707ac390066fbffcc961103101aa1956275660067a7c568a9c95635ac0
SHA512 cae1b746753fa390b1b536976fd8dcfcfb6cc51e20a084c18817fdaf9f053d2fd1b4cf703aa2bfb5583d4aa5102b45f3199204d91795641c2df13d4315582bc2

memory/7004-284-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13eR368.exe

MD5 94ff5d4f6784499584c995b79692512d
SHA1 4a333636a5d9278e439b5c6d220e35bf0a863a30
SHA256 c86dab79bddb8204b8fcf0b88aa941cd8dbfb42d7574170c86d1defae7df2814
SHA512 6cdb8bce61e28e20fa5eda7f1c18deda7bbede7ad9f8c540bf9e4c05d57b42ba8051529e0b7f3d4647626e95c4b1afae99b7d867fd4dedbcf78c67ff9bb1dfb8

memory/7004-287-0x0000000074650000-0x0000000074E00000-memory.dmp

memory/7004-288-0x0000000007F70000-0x0000000008514000-memory.dmp

memory/7004-289-0x0000000007AA0000-0x0000000007B32000-memory.dmp

memory/7004-302-0x0000000007CE0000-0x0000000007CF0000-memory.dmp

memory/7004-303-0x0000000007B70000-0x0000000007B7A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 90fdf3cd7009211cd2cc67ce46f09691
SHA1 32c5ddcab907eeb985fb102cb1e42557119312d5
SHA256 e3f6c523c26e53bbea6c51e29364e18df9de3505ab0ea3a0eb9d4c0ebffdff02
SHA512 3aa2fd54c9236bb2e3044adaeaa65a7a043954d79f2bcb718ee54613ecfbaf2d2450e2da65481953249bd8a6801e09268c2f27213bdf51abfcf25ac6e202c822

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 f1881400134252667af6731236741098
SHA1 6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458
SHA256 d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75
SHA512 18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

memory/5484-322-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7004-323-0x0000000008B40000-0x0000000009158000-memory.dmp

memory/7004-324-0x0000000007E40000-0x0000000007F4A000-memory.dmp

memory/7004-325-0x0000000007D50000-0x0000000007D62000-memory.dmp

memory/7004-326-0x0000000007DB0000-0x0000000007DEC000-memory.dmp

memory/5484-327-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5484-328-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7004-330-0x0000000007DF0000-0x0000000007E3C000-memory.dmp

memory/5484-331-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bf1769f6073c95f329c08e2dc11810de
SHA1 008a23cacbc9afab04177ac2bd79829f5033d619
SHA256 eaf0bb81497bfc09715b3335e572987681912dc9be67663058c1797e637557a3
SHA512 5d83b932386107fd5528ec612cb06b3a2883bad9471f2edc1a9592812e4365e000d9cea293d877a639b1ab5e142b1505107ae26afe5c867e7e4d931bef15b6a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5883b2.TMP

MD5 e9bacbb201cdc7e24b8dcccc24a96311
SHA1 3061449c0932e105bfd7136a6c55b8c32f21dd68
SHA256 f53f2eaee819d17be05113665f20ef7fb32d7635086b0e5212598f5667d9745c
SHA512 a6f884b21411bb72b05905b5e8f21811441b90f4dd8b272c37c6b38b745a14d93bff960b3316f0df41656d6eff753748eb8a9bc579d7dc5c69ace5adea330f44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 60ea10851fb801862e48b11f8d34f20e
SHA1 b6e68fc708aa7b81673ba63f3bc89f3865d68485
SHA256 1e452c8708b7f366b5a37b83e276194c16c113ddcc40259cf6cee92f00586f84
SHA512 cc6349371909101f47702c7702f3300f5765d94c22a50d61a14249805c6b5cebe867a1a5986088a2f8d6c82b0957646cbd8432b65ff1c1327ed4322f11dd0419

memory/7004-600-0x0000000074650000-0x0000000074E00000-memory.dmp

memory/7004-627-0x0000000007CE0000-0x0000000007CF0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d83a85e8f65d9fc2038dc21ced16369f
SHA1 e2df6ac96a910ead17e62d5f1692ececdb18cf23
SHA256 6a83127966c1cb49a3a78df3e62079fa0a9b25d78a40c0b8a6d921f7b64bf53d
SHA512 92d945ef281ae6e14823238de1c2405cbca998dd9d220243804b220ccabead4205241c6a4b5e5d88afa0d6aebf34b8a0f64d5ace230261076829b45824781425

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7b82d692190f79065511275be1451d8e
SHA1 a45b63e6c2a55dd300873d548471c508f87c2f99
SHA256 32457d8431633af9a0fc6fafd6f5ec1dcf5e79a496e170bfba5cfe78ff3128a1
SHA512 e3b1fc90bb43436d4dc7c576aa3ac322a5a809f7fcb72fa3dbbcfd7daa457e46b1a615c133f809ea1cde6f69371052a3928af1d65ea4700726b7a0f490b00a4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 2fe8f16d3437d17d4cac0ef63657e76a
SHA1 1a0d52ee22b929e3e7c64254ddfe89da0aea75f6
SHA256 ccd2193278f538df27855b5c6d8c0720e4df8ba17239970073c1c043a7dca941
SHA512 36f6a0f1de0763db2ba2148326d37f6db21e26391df5158ad791cfc7ef2a022ac34d4eedcd496a2a4e913fdfcee16245458eb9be748cde5019bc71d0e52ad993

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe58e74e.TMP

MD5 e47499054d75f906edbcad7d4d591c85
SHA1 65fefcb60c433c540a25d792ae2a2e14b893450d
SHA256 a87c98cd28d99aa5032e5d8cc10306887967a79daaaf816e5152cd1d5e12ee15
SHA512 ffd1f5b4ccde6dbc51333052f6dd065adcc70ea1424e20156f459998925758214afcbc4198754d86afe9d2b76eb3d48994400efa3450e5895f9ed6125018199e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 32c64f054d6740b57b3dd898e3a1b290
SHA1 853e205e037878fb1c8eea556339f14d12704833
SHA256 018a4c456ff8ce58e6d7c6dd25de8f616dc08752c6e47659ca0772278cda02e9
SHA512 ce100c92e673eaf352e706705d8616c8a97cfd85d8a34447fefec12bee93d194183782e949661ada3a8aa05177f67bb48e81b05d2639fc5263ec96415ad46194

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0c1b772ef02ce454e4d765b9fbb496f3
SHA1 7ac328ff2ac2992417e9750477cce3f4da60bb94
SHA256 bcb226ce28b05f9b24c36672ac00a3ffe1913737f8ee3fcb0503598be091f1c5
SHA512 91bd50dbfbd26e3f6881ea7247660b3876d1ce420951c7e714edeccee2688194c87f1810789b2ae24939990ff32d921c69d5c45589c5266c6ec778f1ac043e20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d98c813d94879c621377d3e1946fc87a
SHA1 7fcc599ace3b2e1d83671e7fa97e4f80871112c4
SHA256 8e9e01cab8c3be0af307540bf556a313fc66e58115ef4efbf22299a6db666a68
SHA512 ebd6fd80a5f5cd5e4d8eae03fd61c1d49650db50e743b097b9460228c56084874b570622c67461404a26c4a7cfd0a1a4817795e3cdea2953369b78d89f354585

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\560179a7-a74b-4516-8dc4-ef85cd441495\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 57f326dc4296707d419380c7391f84b3
SHA1 826fe9dd7765e9e98675080b3d8af9f49a890157
SHA256 28acb284682089083318b7bb1ace5e956b59e872f6c4cb7528b48917cfad4a9d
SHA512 611ebc542e295a2168d754359100775c274ea21502c7904f5727636fd140428cd55b101bb063feccdd7a0797c9092f3d9092dc8d8a80c06bca04cf5be7c459b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8b7888cb1316fd5374d656d063f23e85
SHA1 506efde23fd74ebb9d2aa07498287907b0de563f
SHA256 e0c7c359a4dc6539c78e534b49aaae0672662e779f9da34ddef592635c2832fa
SHA512 71a34d119ff7de346720c660ac43d37498d9235998bd827f38e1af567f50a7e110545ceceff0d439f8fd856a73526dbc89d7761f7f2eb384a74ea433fcae0cd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 abfbd6de349e496f2ca81dd2a24ac499
SHA1 a1dedc96522e1c1394074095ce5a3a99fe5a8026
SHA256 8f2e735a642aedcf713ec39f41a29187182875b689ed2bc8d47a3f098d68f3d9
SHA512 d7443c539c5d631f0725b65271cd808badd6024e45de322617323799ffbb0508580709b4fd38a7e81a88394a17b5412c1134133d5849fc25be221e62dd7a08f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 951434fc42d994a89b166d4c5d920c39
SHA1 2d7bd7045976f662c11fd9bc1cdfd9f73d7a5ffe
SHA256 093dcf03d861c98c6ed28857944785659e52230a1f8bba89a5d1230ea2108dd9
SHA512 37b0d3d53099fdc44eea22c226fee2d5257f508dac2ef31aef049db1f71c3b46645037167dd3d9c37ab728872cf81db318924320fd085a7ebed2520efe398221

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\25efc9a6-5fe1-4094-b2ad-798f54e17372\index-dir\the-real-index

MD5 9964e356f24369536223f4b052e00c1c
SHA1 dc1f9e0ffdf1cd0a83341ffb2bf101b964c27b59
SHA256 5f2ec656b860d1dc4018e584797eaf5d48a07823a102a533b2ae5c8fde4e5cba
SHA512 d1f03e54e5cc978bf5230a36d902a7d0d1068f395dc6e7ff30c9e05f573b8a7ce010ca7bec96bbcd0c76b31f375aff75f482fb16ca50336eabc50eb4bc59f728

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\25efc9a6-5fe1-4094-b2ad-798f54e17372\index-dir\the-real-index~RFe5938d9.TMP

MD5 2b205c078828c45a08967adfbd64d4f5
SHA1 91512169f2ac6c186a6ec6480de373cecf301f99
SHA256 665175e8df6445604ea11cbbeddf948fd91bb6082d6dafe8a2ba2aa324c73258
SHA512 51e92cf5c2e3c1bbbf3017dc9c4af0159b2c4e91485533e2983e49463ca6a55e98a417aae7e9aa29c95bbca186e51072e5cac225311e288afd618b78aa0cdf0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 224f5ea989eb5eda9d908e38e413932e
SHA1 72faa45face7a31a014b1f7bbf25822881d0d4eb
SHA256 a69d853a9c394286a258a51e5cbbc5ba1d9fdd2ed6bb634563b49927e04e8393
SHA512 b72a07a5f3c1a1d8becabff3d038ddb272fc1825a3fdc07bcd736ac60626785db6bc0c1b9f1ccdd046e9314306a04a9830cfc921d8f3e20c83cf7f2b1ae61da1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6db191d73db4058e7b29e025a0a4fe68
SHA1 c43d321f6b21754285e4daab12e944f19d44e67e
SHA256 c2c93e87aa3a4c4f0d2fa92ff27f8b8978fe088f97b8bc376edfc2e4e4617721
SHA512 c94bfe31262352d84479afd5a6f5c7a67124442c38289526c30bdbee948bda566882a815b9c31517e70db6b961175964bd28bcd10e28ebb02bf189a175b5c03a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2e36ce2c6a22d1d1ac98b0db3bde36ec
SHA1 2ae9a07c2f94715eb08218e79fc01c40db50ad10
SHA256 602cee4418cf08c3bb231890e2d3b946765987c102266eebef1f1db39a23dcdc
SHA512 de6fa1b33d013158509b4bf11446623fec4bbc892a6438a3b20d22a55fab5d35f83cbf9fc46f9c1cf00e0d94bde9e6337517a994a79cecc2581928b817022017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b660a0dcf570492bd7abd6a5665e9d2f
SHA1 3805a23eca9f21bb2808c45d5262cdec45aa8c9c
SHA256 d1e87e0d5eb82908a2642c6dd952067a4938bb356abf5d498983263d1139356d
SHA512 62220d6f1ccdf1d9fbeac6ac6d32542e25536e151af088ca94b132f4eb02970c5b7b1130f1d8069a70ea8bff5b3ea6933149d80254bfd49fa60a7ac5092584f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe596538.TMP

MD5 e5415937c28c5a5148e2016053daf96b
SHA1 aedaa7cdb805f6f5809dd3d1768ed5c369e183b9
SHA256 e278fd5916f76bea88643a464c7aee0b37dd967925cd5a474620186f43e8664d
SHA512 25a5e59ee292827250e73a4edb57be7a98edbfc4d7b63acaaf61efece951594f18e7a1dc390fa14d139e2ea614a9a13746977289395c7444d885332c085f6bd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ef19b8aabffe1645da89c036a91219b8
SHA1 3abc11a9364c9973c12473f256f1f03709e728d9
SHA256 7fc578af5109cf0d959ba492e845db70f631281fe6d1ad145bfab57d8c8d0e52
SHA512 08ec2245f555e5757f1ffadf6fdbb95864f54768c3efd9e5810907f4cf09903ac208eeaaa7333ea81808a8577e457d07352a59aebf3c41e758ec5b0ad08c4bf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a6d25ac-0935-410a-91be-02dbaf2ded14\index-dir\the-real-index~RFe5978ef.TMP

MD5 718c6cb9c5a03b3fd5d7cd97698866d0
SHA1 d908d22d9f4945505e2414ecaee1553a2a22eb9a
SHA256 bcb48faef3ede962b625fd952daa37763c64901460b0009da6cbc7d3b5f01266
SHA512 684e95e8ed2e0ee587c2ed56181af2cb8464c0ccb6ec6d93d5c4b09ffb96db6b277e6a431f19e3074b0f3e28cf4044e8f192e06df79087803e23418b8dbdf5f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a6d25ac-0935-410a-91be-02dbaf2ded14\index-dir\the-real-index

MD5 874849547d41b48c4df7d7ee6e83640c
SHA1 9406fd1367c317d7efdbea8d89d1f4f2cfc07796
SHA256 a4a0506792d32a5bb8d20e7732d17c09bdb3697f15ec84d1a77c34c611c71c97
SHA512 402988ef5ff9d2487c36e881ceb7512cefb0b2eaca564e1bb1997ec6df36b1549b3de2fa78fc860b7e202e4a0272ccdac5367b74c9e2d6c18f11d334346fb297

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8a477bbc7ba88ce504edc5ad1bc950e9
SHA1 8973e9689834497ec6edcbe1faf548b6d94ea35a
SHA256 54490d5f8bda49c82200c7b906a666253c40f293df17879416f0ec9ef9af8b9c
SHA512 49965dcf48aa4ed61ad43e7bdc961494d8398d25f00bcc46cea62ce678757f3eaac316590f08f401f1a28a08e848ab485f91fb215ce7812232a4b80efd584eea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\55bb7c93-0d67-4c18-9f59-050da476906d\index-dir\the-real-index~RFe598ce4.TMP

MD5 e3d8a3096d849c803fe0c98a15ad15a6
SHA1 3bb52fa8dc2c02fdb803afdd80ad11d31e2dd7a0
SHA256 4199e066523473459b43ccc8d86deaa42067d42482d6b5606718bfda0e084b2c
SHA512 3bd2ee72ce1b6603b8579b2929aed23ece62db216940a2c23aa3a3015bdcaff7fcee3ce3a63fc1ecf3a75a22fd914ea37f8225afe3d47b5ff15f8e4aca955819

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\55bb7c93-0d67-4c18-9f59-050da476906d\index-dir\the-real-index

MD5 1cff54b52532a9a1914dce04f9e47646
SHA1 ed76fd948c2f8289abf52590e42c7bb755057496
SHA256 b4a4b1015dd4f1798d383e54405ecd24ac0b3ba2bdc3926366e80e6870c55670
SHA512 9bdb765be36b891dae731f343b1c300f5a2288751bada55626d216a3e2738a087be3ed61ab88efa584c6b48d7157465e4799c00e4bedbdbaeed10c4178b5412a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 03ef51135df8428ad5b5854c19e773db
SHA1 26515ab8b3ddb8d288f8295fdbe3e78f38d66470
SHA256 723ac232ad46c434c7b7625eb248f9d2e62c7cede2c2f0307d2af3f9837f009a
SHA512 32a53d8b4d6ee1194c66ce8e907478a2c40ca8bc5e7008ecbdb414b2ec36e21e0af789b8e38949a89619b8e9e7be8400fea0531938da8ced5703cd6ae52178d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 14fa878032e42fb7436a6c70542638c6
SHA1 87cc99dfcc613a3af1c2953204df4f97a58be0c8
SHA256 b7d1b3d6f7ed8ff4607a3f72fb2825aa6ba8486df76d37273d39b4e23a597bc7
SHA512 5b7b27a442fddc8de6ae4b06cf9bb4f21795e59d5a1d77f1c26689192ce0d84ac186ffcf8fe5226daf1c803b6cd28a271f8abf3a2a0935d46f3698fa90732f63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5a431f78badae738a94f2224f08e37da
SHA1 b2251957fd885fca9b40978a20a8668730bbefda
SHA256 4e54ad3bccccb92485253c4fb74153769b0366d1b9bba303f1aa88021f54d9f6
SHA512 4aa7bad4d97300c116ebd3424eb034742035db3f31a50c0549cd85d0a9d10487e918a66de630bfc4fa7e9fff29e6affb2a33949b508250f9bbc275d1cdb2fdc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 53045a2e2a279037f15df262030ebba6
SHA1 22228dc6b1d2b1f1668ff5788de1af7fbc0540fa
SHA256 de8aa7a3c410a2b156245df9fff4279182af83972b5a3718f9d90bb843e704d3
SHA512 1d455114c2f60334f9558f8e51c0fe205bfa3dc2de6eb2ee6e41ae2193dba1c8f2d6b3a036a1aca469a24d28bb3de0c486464bbb522aa25d7387cf63ad9b10cd