Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-27t5habh9z
Target 777a55eb14aa4061e78d16365d648d31317770f2d65f184e011938b9c07e09f4
SHA256 777a55eb14aa4061e78d16365d648d31317770f2d65f184e011938b9c07e09f4
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

777a55eb14aa4061e78d16365d648d31317770f2d65f184e011938b9c07e09f4

Threat Level: Known bad

The file 777a55eb14aa4061e78d16365d648d31317770f2d65f184e011938b9c07e09f4 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Detect Mystic stealer payload

Mystic

RedLine payload

RedLine

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

AutoIT Executable

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 23:13

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 23:13

Reported

2023-11-11 23:16

Platform

win10v2004-20231025-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\777a55eb14aa4061e78d16365d648d31317770f2d65f184e011938b9c07e09f4.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\777a55eb14aa4061e78d16365d648d31317770f2d65f184e011938b9c07e09f4.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\RC0Eh06.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Wx4Xw93.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2764 wrote to memory of 3112 N/A C:\Users\Admin\AppData\Local\Temp\777a55eb14aa4061e78d16365d648d31317770f2d65f184e011938b9c07e09f4.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\RC0Eh06.exe
PID 2764 wrote to memory of 3112 N/A C:\Users\Admin\AppData\Local\Temp\777a55eb14aa4061e78d16365d648d31317770f2d65f184e011938b9c07e09f4.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\RC0Eh06.exe
PID 2764 wrote to memory of 3112 N/A C:\Users\Admin\AppData\Local\Temp\777a55eb14aa4061e78d16365d648d31317770f2d65f184e011938b9c07e09f4.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\RC0Eh06.exe
PID 3112 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\RC0Eh06.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Wx4Xw93.exe
PID 3112 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\RC0Eh06.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Wx4Xw93.exe
PID 3112 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\RC0Eh06.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Wx4Xw93.exe
PID 900 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Wx4Xw93.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe
PID 900 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Wx4Xw93.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe
PID 900 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Wx4Xw93.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe
PID 4596 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4836 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4836 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 2412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 2412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4868 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4868 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2236 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2236 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2164 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2164 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3444 wrote to memory of 4696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3444 wrote to memory of 4696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 5216 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4596 wrote to memory of 5216 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5216 wrote to memory of 5336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5216 wrote to memory of 5336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 5464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\777a55eb14aa4061e78d16365d648d31317770f2d65f184e011938b9c07e09f4.exe

"C:\Users\Admin\AppData\Local\Temp\777a55eb14aa4061e78d16365d648d31317770f2d65f184e011938b9c07e09f4.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\RC0Eh06.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\RC0Eh06.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Wx4Xw93.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Wx4Xw93.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b5c46f8,0x7ff90b5c4708,0x7ff90b5c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ff90b5c46f8,0x7ff90b5c4708,0x7ff90b5c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff90b5c46f8,0x7ff90b5c4708,0x7ff90b5c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b5c46f8,0x7ff90b5c4708,0x7ff90b5c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b5c46f8,0x7ff90b5c4708,0x7ff90b5c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b5c46f8,0x7ff90b5c4708,0x7ff90b5c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff90b5c46f8,0x7ff90b5c4708,0x7ff90b5c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b5c46f8,0x7ff90b5c4708,0x7ff90b5c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b5c46f8,0x7ff90b5c4708,0x7ff90b5c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b5c46f8,0x7ff90b5c4708,0x7ff90b5c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,15362983103072518412,9683486518437105767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,15362983103072518412,9683486518437105767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,12379365323291608920,10168147702141013791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,12379365323291608920,10168147702141013791,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,9516360975529080659,2148661342155288122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,9516360975529080659,2148661342155288122,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,2062071944066107485,9967560300724287564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2062071944066107485,9967560300724287564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2324330801022674852,6681279744650216157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1516,8538683115111436341,16084478681887887836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4473822836201615744,9204246613010344500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11fG2651.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11fG2651.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17027984303127999922,14807041106550049263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12Ju184.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12Ju184.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6744 -ip 6744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13Wl749.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13Wl749.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6960 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2f8 0x3d0

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,13116401659021517255,9083525981481626117,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8048 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 254.22.238.8.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 steamcommunity.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.paypal.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 18.233.175.4:443 www.epicgames.com tcp
US 18.233.175.4:443 www.epicgames.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 45.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
NL 142.251.36.45:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 216.58.214.22:443 i.ytimg.com tcp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 4.175.233.18.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 136.96.177.108.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 22.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
N/A 224.0.0.251:5353 udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 172.67.209.38:80 killredls.pw tcp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 73.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
US 172.67.209.38:80 killredls.pw tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
NL 216.58.214.22:443 i.ytimg.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 194.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 i4.ytimg.com udp
DE 172.217.23.206:443 i4.ytimg.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.251.39.106:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 106.39.251.142.in-addr.arpa udp
NL 142.251.39.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 93.184.220.70:443 pbs.twimg.com tcp
US 192.229.220.133:443 video.twimg.com tcp
US 104.244.42.197:443 t.co tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 172.67.209.38:80 killredls.pw tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 194.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 fbsbx.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
NL 142.250.179.163:443 www.recaptcha.net udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 login.steampowered.com udp
JP 23.207.106.113:443 login.steampowered.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 rr2---sn-5hnekn7l.googlevideo.com udp
NL 74.125.100.7:443 rr2---sn-5hnekn7l.googlevideo.com tcp
NL 74.125.100.7:443 rr2---sn-5hnekn7l.googlevideo.com tcp
NL 74.125.100.7:443 rr2---sn-5hnekn7l.googlevideo.com udp
US 8.8.8.8:53 7.100.125.74.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 104.244.42.194:443 api.twitter.com tcp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
NL 142.251.36.14:443 play.google.com udp
RU 5.42.92.51:19057 tcp
NL 216.58.214.22:443 i.ytimg.com udp
US 8.8.8.8:53 rr4---sn-5hnekn76.googlevideo.com udp
NL 209.85.226.9:443 rr4---sn-5hnekn76.googlevideo.com udp
US 8.8.8.8:53 9.226.85.209.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
NL 142.251.36.45:443 accounts.google.com udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
NL 74.125.100.7:443 rr2---sn-5hnekn7l.googlevideo.com udp
RU 5.42.92.51:19057 tcp
NL 142.251.36.14:443 play.google.com udp
NL 209.85.226.9:443 rr4---sn-5hnekn76.googlevideo.com udp
NL 172.217.168.194:443 googleads.g.doubleclick.net udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\RC0Eh06.exe

MD5 f1b2546418e7b7bc5468d90377953b45
SHA1 8adf6b103e9333fdd9469d4be24392bc2c8fd1d4
SHA256 11bbe663dc0fbf6ca0b88bdc082a9f6382888c98d14a5292d8dcc8fb832aff2e
SHA512 94180bddd0a24a967a035402552e3c4293986b3fb11a1837ab95e8fb10b3513bf482728026f5b0b8b333f9459fd7035dcb29edcc6a6cb6bb8ac97002b618b8c3

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\RC0Eh06.exe

MD5 f1b2546418e7b7bc5468d90377953b45
SHA1 8adf6b103e9333fdd9469d4be24392bc2c8fd1d4
SHA256 11bbe663dc0fbf6ca0b88bdc082a9f6382888c98d14a5292d8dcc8fb832aff2e
SHA512 94180bddd0a24a967a035402552e3c4293986b3fb11a1837ab95e8fb10b3513bf482728026f5b0b8b333f9459fd7035dcb29edcc6a6cb6bb8ac97002b618b8c3

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Wx4Xw93.exe

MD5 6dc1d90640dde7147159127ec3f6da88
SHA1 3bb964e45b9d579c5a3efe37e92ce77c0b0cc56b
SHA256 d83a381207042655ee2f215416ebf56f9508bb56f6e03577b1dda66728321d27
SHA512 3424cc310af2fb2d5bf98307b2b24f7152479be41ccb97b7c7f4e8671ef1f0f99cfdf2258b45bd158fdc8c75bb7d75da7ce7ce320cceafb5c81764f0c937f6c4

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Wx4Xw93.exe

MD5 6dc1d90640dde7147159127ec3f6da88
SHA1 3bb964e45b9d579c5a3efe37e92ce77c0b0cc56b
SHA256 d83a381207042655ee2f215416ebf56f9508bb56f6e03577b1dda66728321d27
SHA512 3424cc310af2fb2d5bf98307b2b24f7152479be41ccb97b7c7f4e8671ef1f0f99cfdf2258b45bd158fdc8c75bb7d75da7ce7ce320cceafb5c81764f0c937f6c4

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe

MD5 1ac19d5de8d34f7d50076c628ae0a525
SHA1 c5a4921befdf30771d0c8ac507b3a5c5b935c48c
SHA256 d1e9225338f160edf950038844c90c915e411ecf9a949f708584e5f620e2706b
SHA512 2c786a9de32a94133690346a3efeb08538f8ede43ce271884aa37713364b6dcccb68eb6138352f02c5a33e7ae101a7aa227c74ff5b44738487d23b467f66098e

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10Zn47Og.exe

MD5 1ac19d5de8d34f7d50076c628ae0a525
SHA1 c5a4921befdf30771d0c8ac507b3a5c5b935c48c
SHA256 d1e9225338f160edf950038844c90c915e411ecf9a949f708584e5f620e2706b
SHA512 2c786a9de32a94133690346a3efeb08538f8ede43ce271884aa37713364b6dcccb68eb6138352f02c5a33e7ae101a7aa227c74ff5b44738487d23b467f66098e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_4868_XECUCKFRWRIWYXHK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_4272_UZIQVOWZGLRTSWXP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_4836_TMZLCEWWNUJIVFFX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2044_PXIPOKHKKOXFAXVZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 526035c3a9a81c2332eb054e97e95880
SHA1 bd3ff444618bb862f648b18cf65dffa7de08e55d
SHA256 e30baa82e0419d4cc8095d963f27c7af4a59463aafb0f1ad7c4a76891be9335b
SHA512 8b59c3655d6b7cbd5bb8166112d2c1be46f25ed7fc17abd1fcf9d81dde74ee86819950674b98f3dee39e3be5caf3a6b998bb0b5b8d8a5289071ce44ccfbd5bb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 526035c3a9a81c2332eb054e97e95880
SHA1 bd3ff444618bb862f648b18cf65dffa7de08e55d
SHA256 e30baa82e0419d4cc8095d963f27c7af4a59463aafb0f1ad7c4a76891be9335b
SHA512 8b59c3655d6b7cbd5bb8166112d2c1be46f25ed7fc17abd1fcf9d81dde74ee86819950674b98f3dee39e3be5caf3a6b998bb0b5b8d8a5289071ce44ccfbd5bb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 18705f2bbe9f9380b5ad594a7df65ea5
SHA1 708e02f4834a208a493062a2f239ae14bf25d3ba
SHA256 e41157d3fec448f3cc0d7c3e459ca2d0ba0739a53500c20946e7df2a1891a5c1
SHA512 5b515df0e943fd0194d602aafe43b7909bbd338476fbb09d55b27d57a836fa6c75d45714ce2c87d4f3e3b117b0898d14c373133765af47beec83a72ac8b665dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 77445d35c9f9cb45450c8675d22b153e
SHA1 5bd790a6895ab80b7a3d097f163e7279044087a7
SHA256 3f82e244268bfbe97f7be9a63b23f031e6ac897946ab0411b1bdcf23ce958910
SHA512 f60da53fc21027c75035df9e4f0ba31b785b8435a3f67ce5935f4b75cdf7df9cb4ec86e5f6b84355319013d6796ef887c151109223ace770163235ff6e1d9dde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 77445d35c9f9cb45450c8675d22b153e
SHA1 5bd790a6895ab80b7a3d097f163e7279044087a7
SHA256 3f82e244268bfbe97f7be9a63b23f031e6ac897946ab0411b1bdcf23ce958910
SHA512 f60da53fc21027c75035df9e4f0ba31b785b8435a3f67ce5935f4b75cdf7df9cb4ec86e5f6b84355319013d6796ef887c151109223ace770163235ff6e1d9dde

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11fG2651.exe

MD5 e6ac2ccfa658b1c775098847daa0d18d
SHA1 0404bdd23d54b202d03425507459610bdf2bab51
SHA256 1520bf17309ac55555c32626b26ee53ae2e5532dfe1f107d87311df17792c4ba
SHA512 9177f473aa27bcb4f2b8c425d702fc8e8bc22e825593a17713dff79381d149cb15c98af09182b2492df8b7f4735be7484244455af28c45c6948c8e83ac20ad21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0b88552787cc85ba2d1dfb0c0d6e6287
SHA1 1d0b262ec2ebd0742200e7de528e265666d47075
SHA256 9b4074c18160c110ece68567728b1879abeb73e288df37f49b46a2a89d2d5e16
SHA512 afbef1c03ccafed4a999d7353c63994cf326e87e0628a867eb61c4edf17abace611ec73cf480e5f5bea07789bdb69478c2d533b4f8a0e339067aad12b1dfcfa3

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11fG2651.exe

MD5 e6ac2ccfa658b1c775098847daa0d18d
SHA1 0404bdd23d54b202d03425507459610bdf2bab51
SHA256 1520bf17309ac55555c32626b26ee53ae2e5532dfe1f107d87311df17792c4ba
SHA512 9177f473aa27bcb4f2b8c425d702fc8e8bc22e825593a17713dff79381d149cb15c98af09182b2492df8b7f4735be7484244455af28c45c6948c8e83ac20ad21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e106d377b48466e23bd919f3fe7dacd
SHA1 0a23c48a4961aeac5ebf70575c7284c344adc913
SHA256 bab072553d7d264059f0e4687aa551ddd6ea45471d7b8b9f2a4a01dc3d886651
SHA512 8787979922749a0bd1c0698596a5b7a8c142d6b6c53df407fbdf2d884a159ef9ef8e859265e219327e9609d2d6348ed1026360a1782c00a71b35a50f341e3e3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 74b7d3375932f1924ff2fed89c99e98e
SHA1 a7088b7ce849dbe7fcdda2544d1657ff839f994b
SHA256 635352dd299fd47b4841da43d6b76cabc753f6ebd97e3aa119fdde47683380b1
SHA512 a5717ebdf2d7cd1395b500b9fc057e17fbd5f7096bdc2e1c365744a1d607d91ceaadd1e88f1a0c3d5c438eac5c515415e8d5caa5a8954cfd58929e6a0e75a6ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0b88552787cc85ba2d1dfb0c0d6e6287
SHA1 1d0b262ec2ebd0742200e7de528e265666d47075
SHA256 9b4074c18160c110ece68567728b1879abeb73e288df37f49b46a2a89d2d5e16
SHA512 afbef1c03ccafed4a999d7353c63994cf326e87e0628a867eb61c4edf17abace611ec73cf480e5f5bea07789bdb69478c2d533b4f8a0e339067aad12b1dfcfa3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 18705f2bbe9f9380b5ad594a7df65ea5
SHA1 708e02f4834a208a493062a2f239ae14bf25d3ba
SHA256 e41157d3fec448f3cc0d7c3e459ca2d0ba0739a53500c20946e7df2a1891a5c1
SHA512 5b515df0e943fd0194d602aafe43b7909bbd338476fbb09d55b27d57a836fa6c75d45714ce2c87d4f3e3b117b0898d14c373133765af47beec83a72ac8b665dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\81d1f353-5b84-466d-a02f-ad169a73e599.tmp

MD5 0b88552787cc85ba2d1dfb0c0d6e6287
SHA1 1d0b262ec2ebd0742200e7de528e265666d47075
SHA256 9b4074c18160c110ece68567728b1879abeb73e288df37f49b46a2a89d2d5e16
SHA512 afbef1c03ccafed4a999d7353c63994cf326e87e0628a867eb61c4edf17abace611ec73cf480e5f5bea07789bdb69478c2d533b4f8a0e339067aad12b1dfcfa3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e106d377b48466e23bd919f3fe7dacd
SHA1 0a23c48a4961aeac5ebf70575c7284c344adc913
SHA256 bab072553d7d264059f0e4687aa551ddd6ea45471d7b8b9f2a4a01dc3d886651
SHA512 8787979922749a0bd1c0698596a5b7a8c142d6b6c53df407fbdf2d884a159ef9ef8e859265e219327e9609d2d6348ed1026360a1782c00a71b35a50f341e3e3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 39b1f48cc5a667ab7aa63cac58cda52c
SHA1 9a8bd9e4eba7e70e1072fe53120726713535f0b6
SHA256 5dcf2481300d098b28761ea117aa7775447842ff916998e92cd46232f4baf424
SHA512 d2e592696e796ef258beef76eab2b019c60e65f534267f50d3463e305c6f8812029d1a985d9b5ec74da080148a71b85ff63e4cff499dddb01a1ad1d26c3efc9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 39b1f48cc5a667ab7aa63cac58cda52c
SHA1 9a8bd9e4eba7e70e1072fe53120726713535f0b6
SHA256 5dcf2481300d098b28761ea117aa7775447842ff916998e92cd46232f4baf424
SHA512 d2e592696e796ef258beef76eab2b019c60e65f534267f50d3463e305c6f8812029d1a985d9b5ec74da080148a71b85ff63e4cff499dddb01a1ad1d26c3efc9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 74b7d3375932f1924ff2fed89c99e98e
SHA1 a7088b7ce849dbe7fcdda2544d1657ff839f994b
SHA256 635352dd299fd47b4841da43d6b76cabc753f6ebd97e3aa119fdde47683380b1
SHA512 a5717ebdf2d7cd1395b500b9fc057e17fbd5f7096bdc2e1c365744a1d607d91ceaadd1e88f1a0c3d5c438eac5c515415e8d5caa5a8954cfd58929e6a0e75a6ad

memory/6744-203-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6744-222-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

memory/6744-223-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6744-230-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 74b7d3375932f1924ff2fed89c99e98e
SHA1 a7088b7ce849dbe7fcdda2544d1657ff839f994b
SHA256 635352dd299fd47b4841da43d6b76cabc753f6ebd97e3aa119fdde47683380b1
SHA512 a5717ebdf2d7cd1395b500b9fc057e17fbd5f7096bdc2e1c365744a1d607d91ceaadd1e88f1a0c3d5c438eac5c515415e8d5caa5a8954cfd58929e6a0e75a6ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0ee472a9a10dbc0584e88d8770add423
SHA1 eb2dc4463ec34caa67c9744092a496a79f843251
SHA256 fa0e0ac4ff45bc13555738dd5048768dcf271aab8bb34d9f15ab1c646bdb90d1
SHA512 49dc4266e8b2aadc7334416da666beb81c28ba9fcf54df54713fef3f28b64620dc427c493b799ddc70ee1278ee479d132d79dee598d053117a6f55069690ff73

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12Ju184.exe

MD5 4968c195ac0ed31c5ca1e3db0af287a1
SHA1 e0911cc4a935a4617f444ec07f20e76eed68b530
SHA256 0717ec5250a9a95d0859cd970a94a6bc8d3f924c1d931526f655110e4ba1b06a
SHA512 60f50572fe9c153b52c2f6a92f4ca8449b1e20ad745bd221fdab85c26223ae09d280310053a95e60484e62be4fdedc6071e63ddb77b881d99af2bc51a2cbaec2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 526035c3a9a81c2332eb054e97e95880
SHA1 bd3ff444618bb862f648b18cf65dffa7de08e55d
SHA256 e30baa82e0419d4cc8095d963f27c7af4a59463aafb0f1ad7c4a76891be9335b
SHA512 8b59c3655d6b7cbd5bb8166112d2c1be46f25ed7fc17abd1fcf9d81dde74ee86819950674b98f3dee39e3be5caf3a6b998bb0b5b8d8a5289071ce44ccfbd5bb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 974fe7178ce81f118125cb107581e259
SHA1 d3629d6dc22e11d57f88c25b3b566b3e28008b4a
SHA256 9a0894ad86d7e18929ed241b1d9ef6a71a7eaf3149641a6fe38a4be7c05e03c7
SHA512 13557a574299f4f5dcdcaceb52d6176368cdb4c0e72d3f6d4a92333049c5eadbe493e1acb37eee063b0df87de1437c94c882552bfebe08476f0a55a1cc1b98a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 39b1f48cc5a667ab7aa63cac58cda52c
SHA1 9a8bd9e4eba7e70e1072fe53120726713535f0b6
SHA256 5dcf2481300d098b28761ea117aa7775447842ff916998e92cd46232f4baf424
SHA512 d2e592696e796ef258beef76eab2b019c60e65f534267f50d3463e305c6f8812029d1a985d9b5ec74da080148a71b85ff63e4cff499dddb01a1ad1d26c3efc9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e106d377b48466e23bd919f3fe7dacd
SHA1 0a23c48a4961aeac5ebf70575c7284c344adc913
SHA256 bab072553d7d264059f0e4687aa551ddd6ea45471d7b8b9f2a4a01dc3d886651
SHA512 8787979922749a0bd1c0698596a5b7a8c142d6b6c53df407fbdf2d884a159ef9ef8e859265e219327e9609d2d6348ed1026360a1782c00a71b35a50f341e3e3b

memory/6708-294-0x0000000000400000-0x000000000043C000-memory.dmp

memory/6708-300-0x0000000073EA0000-0x0000000074650000-memory.dmp

memory/6708-301-0x00000000081F0000-0x0000000008794000-memory.dmp

memory/6708-302-0x0000000007CE0000-0x0000000007D72000-memory.dmp

memory/6708-303-0x0000000007F50000-0x0000000007F60000-memory.dmp

memory/6708-304-0x0000000007CA0000-0x0000000007CAA000-memory.dmp

memory/6804-305-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6804-306-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6804-307-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6804-309-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6708-310-0x0000000008DC0000-0x00000000093D8000-memory.dmp

memory/6708-313-0x0000000008070000-0x000000000817A000-memory.dmp

memory/6708-314-0x0000000007F20000-0x0000000007F32000-memory.dmp

memory/6708-315-0x0000000007FA0000-0x0000000007FDC000-memory.dmp

memory/6708-316-0x0000000007FE0000-0x000000000802C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e1c48a96f1c99392dea04f75670c35d1
SHA1 79d4c8c297f439394dea891cf957dc88e2f6f44a
SHA256 33d04ab38165e3bb8837f655445dab36f568856d8d06b190af2a4485cd7f4786
SHA512 48080ebaac1e4f32dcf7d535c8682a30c4ffc6c4ce5acab34e29fd6580b9cd0c569f065c95adf85184353d747eaac8f91175711ddce1a5f493b16f1e55115534

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d0b9161117ef683442aa1ea9790f4d9b
SHA1 5078e5f84222210edfd310564b3008ecde11feca
SHA256 8c177728c6f074bc54251ee6cd90712f5f35ff4e1d841fe61fb761dc46f545e1
SHA512 75c356e1ac0e041b3227d056453a3bdf5db40aad03aa2aa619b70f7a01ce9bd0656bae01cfd94827d57edcd80a66bfaff7cae0ae9641d8406259196b27281e08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9e8d5f87a843df61d6b59229e5a81ec8
SHA1 0eda5959936804a562032f0b83d85a766a8efd6e
SHA256 9de1048b58709e9fa830c32826e0c2f8be346c3091debf7e2aa05c1d9bdea622
SHA512 6d8c42567062f5a3569ba8fe4764aa0cdf1f32e095cc01ee3045e0693768fa427ed681f18829df5d6f1d2ebed9c1974f87c9922e2b8c7527bc886aceab5da582

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 585d1a990ad60da56145311d51aaf7d1
SHA1 235a9e9c38e472bab129e3b5f7731fc489d7c3a8
SHA256 a07ffc1f63da81fd571828f3ec242e9077f41ab3d5b62eacba42d85639fb58ff
SHA512 c57607e3077754956f8df35cd2eaefeef3ff783927fb9de3d11603064c0ad8a5c062558949733c872d28fe2b247212434d476ca6de4ad5b6ee13591c7c14f085

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ce7a53183ccc55eb2c0d71155fcaca1c
SHA1 800ef93a75cacae6b38646d41b6174b6e2d2d8e6
SHA256 181944c42bd76972f70d1d1b0aac090f4b5c2f4833931c4aa25a6d2b9b028b58
SHA512 69ae0721bc4a91c260c69fe58654e2a6e06d1a3dbbadd7fb47e2bb60b22d77d866a622ec7a0b71c0ba3d490e84835ce9be041a583ce259c6bae62b21e9399db6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 61d4d05269b12bf4b92fc90fe3bfe470
SHA1 d202db70d27fd5b733f0d25240b5951f374ba287
SHA256 21cd0dc1003ac642f9afdb49ef4d9dacb4c1ff2dc0f51098a466aea9665e03db
SHA512 8dfa53ab8564c0d4aee8683f6e0f2ae5d3bdb6363e73befa991034d5c52be85292e4db8e3b8e1e29c7b1cdb3efca010a44920e74f01f9ec983c6c1d8ea874677

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5d8d9cc43f184d904a6e36e34238a0db
SHA1 65dd9cc589d5dbbfdd65810b1d4f3ad5e0d820cd
SHA256 e53a4db8416570a0c6a63c663a30c5f56f4e342bb85d19c0e533330d125b7255
SHA512 7baa73e4d535337720b126eaa0686af586cb525934910f09f36f1b3819d528b8d68cd5956abffede0d14564e93b4bb0100ef9e8d219ee5e9b8a724e616a55c3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 314511fa7e48c76662e7ff745293ca6f
SHA1 c9fc5d134820df2ae4c3aabd3163c3916f73bb72
SHA256 7a79c80d3f3bd995e0e4d69c801f2caf006f9ea64c174c1471682f4518703a51
SHA512 52bb332557ad8fe3f7899c1cf09b971f50db2861e7a2c672494a31b4acf64990accef60e6a404f8ef93880ba2d3ffc26943c05618bd69043d5d4330e23199886

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eb4a.TMP

MD5 54484bbe92ab5df30be273e9956e0ac3
SHA1 773ad5039f87c812b1195336628cf998a85eb3d5
SHA256 ce1417057bc7d46fe3a6f0994df3a909948886dc7c1c1ab16e5d26dac9e510c1
SHA512 16d8e6a82701248a28e6f406ca1f4a7953e895e6ca408f63c824d7400bdd06edcd010eeaeefe7ea068aaeab3ef716f8a72b9ce687cac1c30a33788c46d94644d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5e0c4f580c36a08e81bce78c297b6ab8
SHA1 d9549279e433366fbb27312d72bce07f85c9600d
SHA256 87efc13a779457c7ec309a006b8ed12854bbf7563a417cc79b158eefc5d42938
SHA512 9f46f7493a18e8b07f19fdf39efc5e021e727be971c41a351326859be85056330198348c5fbed4ebc4b8102537c86e2b9ff8b3d43cc7131f0675d657cf639a18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fccf.TMP

MD5 e4f48683170444761d6888f07c7375e5
SHA1 f435df11dd9b40b500852de9537ccbdecef363f1
SHA256 46610a74232f98f64d8b6027d946ca3ac4015fc1a2e87f9860c1acd555584048
SHA512 f74eb278e62a109cc0fe36b748e1e68c4dba03edf265366a8ee5bc4f13db68a6aa8a3d26d250375fca02640c036829317022ce68b2fdbd4ef38a530a7b0a9c2a

memory/6708-1048-0x0000000073EA0000-0x0000000074650000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f5a36703-bc17-4165-9272-385972476f54\index-dir\the-real-index

MD5 097243331412697edf9eb0dbd901a6bb
SHA1 4f1a8fa00973a33643c1145f481862f082c83fbc
SHA256 95f44cfe8e16796af36e583e914ca639b05342312226ee7c917fe5d225213cf6
SHA512 dd7be3f994f0b50ed29e99572c20a8f143f62f32331ab3cb0c12c8bc60b4b8f4d7e0ff4c2bc916319907e5d0175049534c5a02bcbe265fc1797c395d6094e719

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f5a36703-bc17-4165-9272-385972476f54\index-dir\the-real-index~RFe580d2a.TMP

MD5 2dcad465a4182d1dbdc5cd5483d20538
SHA1 335111c28a57bf590076f5cffecb0e353ec81cb8
SHA256 ab8129cf20391f4907036694c31848426f509e861df9b0a56251b9e87e76293d
SHA512 8cb1488fd3038e8a3fafaa40a147249fd2c7572081ed31a644af7bf5bc52ae777c4690875bef1d2379f9609c5fe794c67fdb18895135acb6e4020f9bcaf60d34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dba486faaa6c7692e7eb39618a99612f
SHA1 7fee507fbe38ecafd1ee6cebe878a70f5ae9cb4d
SHA256 20f5d60f21ae60d532b71367e82a16201dd8777fa1ff5689f6a6632b22df9e95
SHA512 176cc0d7d0109c2e658582fd7c366800d9c799c740e16baa7a73cc6f97993a099dd3a0309a5fcac2ff28cd094e9213a36a664c9f7dd329e20b850260d16db31a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\563af583-f6e6-4972-b9e8-511662748691\index-dir\the-real-index

MD5 81cbab1b3e1e657ed5b2d0a7e4896125
SHA1 b6c7455d8cc1cf111593980916cf05ae0acc2562
SHA256 05e7d9294d120547b97827e11e328b6360c4a91be59876fbaa8d109b843d36c6
SHA512 4f5312b9544c67acf6d823ae785c39160a46ee250031b7d7b9c4daa05f2c7859d46b9acef3cf0587056ec537f59af09ab57f06a302d7d2fb849422e4a3f93ab5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\563af583-f6e6-4972-b9e8-511662748691\index-dir\the-real-index~RFe5811ed.TMP

MD5 b7660e42e65bb522c9ed3fa5c2b51071
SHA1 050649be30d36fb7a6caa5d5603a7becf1ef1417
SHA256 40d8021c3e5a284ba5cf43ca46f7f8236e52b9a943bc88d02f995921e70e9212
SHA512 751d688b61ed6373298f93ae5c1866eed0fa8c4e7a0ddb20cd626a816a990bc1d638efa6c8b18da67283a81c34aa15c613a56128edda6056207da56725135205

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 72d9f058540630758b11c7c05973a74e
SHA1 9fc32b62061916bc991971dc02c3453751a06d5f
SHA256 9cfb0184365f24a6f76b9eeb0c6595530fe7a4b715e73226cd7d817495ba0112
SHA512 e6119ae8e16fc12d3e21db0c74e81c3f225a2969f83e89dee26a6cc25d257c55e2534b8a28eeee08801977a3e2f3bff4693f98d318b34cc56f614dd72af41fdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8b70bdf2932e8834727e244802bb6200
SHA1 a00bb7e1f63a22df3a8da13bf0033102323993f0
SHA256 e4e8f031946eeb8a8c10c3f6ff36ac733d77944b38f5cac2ab9970f075507157
SHA512 4f0b34e2eca746b8b34534ebbe8dcb871d730d2d96eb12b105c6f1564c42767a047a0a5e0a8470434bc9b375e24bfc49656e4da9dfdf88608f270a09c9d9a8f6

memory/6708-1132-0x0000000007F50000-0x0000000007F60000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 b3dd999e26b08539995ae98eb37f6bfa
SHA1 4e2b833d2e4626e425102110a4fe266dd565ecda
SHA256 3e49d116ad5d32d80924983b38be9023bfb69fc6bde2a787e31bc297683332e3
SHA512 fa0d4f14c474a0710701ff576550edf6ecb7754828314e8e4328e27eb45ee378210f9082a36bd039c284f607fc71928f08e12d04bafd78dfd4658056d823db8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5818f2.TMP

MD5 54ee882983a79707181ad7deb562de00
SHA1 496eabbd0e2be5997a359e99551ef37632cf2b9c
SHA256 23c86f72560ea0fb2eb3fb9999af001f374ff39dc8049236b337c58b58c2b5b9
SHA512 419e2a97d5a197a8f392485769409106b402f5056017a1bbed9e8f7f0f0ff0845ac2e97d83c4f7bec7948cb314a630212cf1570afc169cea1668f7834d4d9f25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\03c9f012-c7a5-4732-803e-6f1b95e274cc\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 99581c588b1a70d64e3a73e817bee24f
SHA1 a02fdbf18f9017fe2c7a18ee60cc37d45b7b8004
SHA256 9a29a5e90a28d36fdbfaeb8a62e4b59a9976e33937106d445ddce34f16d62dc2
SHA512 b596202f4544c9779e4538fb16d0cecfc33148d9717532bafbd3b7f0d9422e754788bda8d23e5ac8c586e394af641eafd88d99e6527fcd31c4fb04df5aa6a8f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b64761a88fc54768b9b2cb83fe63a8e4
SHA1 0deba6b57cf657baf8ca69effa15fcbb26999346
SHA256 c54337d9a9dfdf408e6fffa5315e7331f6948d2a7c47076d32e46aaa34699ce9
SHA512 920a9598e3ed266251848b8605249fa17bb766ec05e4b20c0a762547473fa0b8e794fe0c71d84e5386d121f52589a7fe07004ff97f3812332af67d33e0d10205

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 35c558a1e14da33cc8476dd9df2a95a5
SHA1 c43d01e82836facfb39c6d87efcf576e4cc92c17
SHA256 9e01b2926f1d9a1120dfa9c21e7083c319ce595b3456a9ada7b0af9e0a0afe49
SHA512 654750ffa01d51f83ef3c16193bb09b1da0d6acd9a6345c6c5ff09660b676877d7dc55f805603bdd9793efc6369bdb66ba1b8ac2e67b0deeee0c70e40d17592d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b99011ca5a99b42c4f68f0cf03bc5020
SHA1 0bfc7de0e5dd1a8b430bef337304dcd58cac070b
SHA256 7af7495df5d942a3b99bcc9d630a2869d943f2a06c3e3537c1749f9cdb50bae0
SHA512 645fee3040f9ca5ca0533698365f3bd7d6b87cf9ceafbf64d40e7fd50a59c4e1cc411db64ae401e180bb344c1f4eb83358106cf2e84903cc0b322b53d8b024ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\cf8ebf62-e098-481f-9565-0063b82632b2\index-dir\the-real-index

MD5 ff0df0cacb8e72117caba20068d438e2
SHA1 ca877b50738783f93a8f60dac8d356b23aba586f
SHA256 c2b6b138c63225d8fb076b21c700deada115434948e6c38d3444140869165e67
SHA512 1e719562d12bdb68fdee5aae7a8000738be8ae7f1d20a9f314970e0bcb1a72cf96716be4d5c7a4d4d2f28a2c73aaac0e62410fec8e64ba3cc869724b023eec10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\cf8ebf62-e098-481f-9565-0063b82632b2\index-dir\the-real-index~RFe586ca0.TMP

MD5 e94d71324919ab45446cda62d7204dc5
SHA1 8eb628e17ce3fd029cd062f22ce457ab8bbcb796
SHA256 7dfc8e89eb2c86063cc23e861b560dd614943b3d3b19b9f0223d32fa50572347
SHA512 e8dbf220471c8c4c6b0ea43c64f5b9fd1e97ed1e5f0019d8dea939ea5a3503b8d4c2982accddc4df20e899d2b56489f865243788bec565b06aed9bc8c5fcacdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a4c9e793c9eb3c8ab6efee9fd10f18b4
SHA1 be759d20d730a2bea641dd7c8856196ed9b926bc
SHA256 ffec1637d89b6c1fec333f23f69fa98c4cbcde3ce82481a90a1812feb737a370
SHA512 c5de9c86ea640c35beac656b69ab76b1da8351e87404407f88a1aaf482b6984301a53376832273163683dc81fc70bd49dc238033703838fb5a0c001090150e0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d5d1642f068c64f5b04d1beb373673cd
SHA1 1b319fe97ce0bc91540c5b9a2667ef15b8707bb8
SHA256 a976227644486ae3699092994b26851a8f9fec7631d026b971fe9c80f93b4b7e
SHA512 543029ee46cc36be395feea6d4f702386450d907ad230ca639763404eb1bec5ba7e339082e9deee844f34f35dc75ae881c0ebbc512e5388dfe6f32e543c4996b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dbe2e99a-35e3-4988-b7cf-6368d87ba502.tmp

MD5 1bdedacf5b5a8f2b2fe78dae31427697
SHA1 9c85c6a5af64d8f8f937719ed6c5130083375465
SHA256 974644036615790a5210e5973403642d499d7fc85933d659d13ddffcc34feaea
SHA512 cb7c5a9f465196ee745039de1da30cf06e16f2eeef7aa2acad0b40e27d49dd728edfeff5d0a755fbed45aa1f4741a7edbdafb6f5cb2ab14c26db5b6fcfd99880

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fa1e16407c61188594add221edb08830
SHA1 18d694364c52994a3f68a836076b8bb7eefb0b38
SHA256 e60b70be4137502970edf5d85954470d7b9c72df8dbd0fa7205ec0f956383b39
SHA512 b5ed9d16ebbd3e3f84b7e61f4118a7059640bbdb08d79595d84ddabf187627dd6f2783af9aa03751cd985a06678a81c1facabc6552d99df7d5f8af740daa5317

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\03c9f012-c7a5-4732-803e-6f1b95e274cc\index-dir\the-real-index

MD5 300009f702df524d9a9a09533913e834
SHA1 7f9f1310931c13fec2b2f0a34927bbe3777c2eb3
SHA256 2ee83c499101920c8811a3008ccc41fad9ffe00b48592d9bef0c0c9d0ee0632e
SHA512 ed00a324dee9704c52d725a0e83574165f18ab00797eb1b12d5ef25842d46d9fe446801076f5c73c1a173a1c3dcedacf57400ce90d990bccaf55e176244dc96b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\03c9f012-c7a5-4732-803e-6f1b95e274cc\index-dir\the-real-index~RFe58eff9.TMP

MD5 4dedeb308bffa5aef77241d6965a822a
SHA1 abafba10277cf0dc44d1fea882242175e2ad3b5f
SHA256 393066947daaec066ccd9504bc4fa92883a7da2c9c10148cd8d6bcedd4f62f75
SHA512 4fa68713690f11af5b57137d9842ad62e5b9a986d7bfdf40d1558b545703d44641d9ccb1091cf74cb7b0aec00d2166a40e548f357d62baff57d5a14eb40af0a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 e504f5bf65bb58a6eb767e3accd14fe1
SHA1 92701f8ddec3386633f58a17362dd1d976adad45
SHA256 a0545b3b9abf8327c376678255d530d79fe2936564e9363f4dc774adcba86365
SHA512 d3eec79a99f889e02b35ee52d7f56cf764f8aa3d1af90da4a26cb336b62e3762e2c62235591a2915cc3f5480554b45cc84cdc272e1d72b4905d45f387df0226c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 0f3ebae2fedb4e3fbb56e677bc30538e
SHA1 cbef71251bb33004a6a4087a79c4454539806d0b
SHA256 d2356ec7a361b341877c523e6429fb0610ed50e3f9e0083f81e4b7a24ff42b66
SHA512 d0d29d2d9cab165eb3278a1a38ae82c0d3926c8d49d923c30114e4c53d3f9274f89b9ff8543b2944c5a682c6df8477a4cf9b2ceb390e7f83131f22cb177b20dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3703d94c49dfe0bf8caad9b18ee08177
SHA1 98e123c4513c2677e3e13eda4ebae951594844ca
SHA256 97bee8ae0f962acf779d1816337535c3f7cc86986fef5868a9278126799c7afe
SHA512 dd73f667b59c0a7ace7bb2dcdc35e38e19d84d62dbbe2015781c52c10c2209a3b260d78eda807de3b986088cf31e466755af4cbc033f0c99e3c51afbda893d04