Malware Analysis Report

2025-01-02 05:16

Sample ID 231111-d3xg3ahg87
Target fc6859005a482b1cf8aadba51a8dbee1e5c0cddcd9852646f7232911bee620c4
SHA256 fc6859005a482b1cf8aadba51a8dbee1e5c0cddcd9852646f7232911bee620c4
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fc6859005a482b1cf8aadba51a8dbee1e5c0cddcd9852646f7232911bee620c4

Threat Level: Known bad

The file fc6859005a482b1cf8aadba51a8dbee1e5c0cddcd9852646f7232911bee620c4 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

RedLine

RedLine payload

Detect Mystic stealer payload

Mystic

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Program crash

Enumerates physical storage devices

Unsigned PE

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 03:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 03:32

Reported

2023-11-11 03:36

Platform

win10v2004-20231023-en

Max time kernel

199s

Max time network

201s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc6859005a482b1cf8aadba51a8dbee1e5c0cddcd9852646f7232911bee620c4.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\fc6859005a482b1cf8aadba51a8dbee1e5c0cddcd9852646f7232911bee620c4.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vE3nG83.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4844 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\fc6859005a482b1cf8aadba51a8dbee1e5c0cddcd9852646f7232911bee620c4.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vE3nG83.exe
PID 4844 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\fc6859005a482b1cf8aadba51a8dbee1e5c0cddcd9852646f7232911bee620c4.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vE3nG83.exe
PID 4844 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\fc6859005a482b1cf8aadba51a8dbee1e5c0cddcd9852646f7232911bee620c4.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vE3nG83.exe
PID 4528 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vE3nG83.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe
PID 4528 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vE3nG83.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe
PID 4528 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vE3nG83.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe
PID 1076 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe
PID 1076 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe
PID 1076 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe
PID 4588 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4588 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1884 wrote to memory of 2680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1884 wrote to memory of 2680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 400 wrote to memory of 8 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 824 wrote to memory of 2328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 824 wrote to memory of 2328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 400 wrote to memory of 8 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 2920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 2920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1688 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1688 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 3056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 3056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3060 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3060 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2504 wrote to memory of 4284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2504 wrote to memory of 4284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3920 wrote to memory of 3380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3920 wrote to memory of 3380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 4696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 4696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1076 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4BN1zC8.exe
PID 1076 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4BN1zC8.exe
PID 1076 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4BN1zC8.exe
PID 4912 wrote to memory of 5360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 5360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 5360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 5360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 5360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 5360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 5360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 5360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 5360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 5360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 5360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 5360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fc6859005a482b1cf8aadba51a8dbee1e5c0cddcd9852646f7232911bee620c4.exe

"C:\Users\Admin\AppData\Local\Temp\fc6859005a482b1cf8aadba51a8dbee1e5c0cddcd9852646f7232911bee620c4.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vE3nG83.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vE3nG83.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7fffaefe46f8,0x7fffaefe4708,0x7fffaefe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffaefe46f8,0x7fffaefe4708,0x7fffaefe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffaefe46f8,0x7fffaefe4708,0x7fffaefe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fffaefe46f8,0x7fffaefe4708,0x7fffaefe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffaefe46f8,0x7fffaefe4708,0x7fffaefe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffaefe46f8,0x7fffaefe4708,0x7fffaefe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffaefe46f8,0x7fffaefe4708,0x7fffaefe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffaefe46f8,0x7fffaefe4708,0x7fffaefe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffaefe46f8,0x7fffaefe4708,0x7fffaefe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffaefe46f8,0x7fffaefe4708,0x7fffaefe4718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4BN1zC8.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4BN1zC8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,937156978648542883,14549858201743159409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,1046564299569002186,1538895842107593149,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,1414194241159574507,5227772967149612529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1414194241159574507,5227772967149612529,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10969225348984248126,16964405350593893737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11300104883492218605,6771932982053444696,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,1046564299569002186,1538895842107593149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10969225348984248126,16964405350593893737,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,5237317050767459445,3260296780601474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,237643153130333821,4062317075406701723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,5237317050767459445,3260296780601474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,237643153130333821,4062317075406701723,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,11300104883492218605,6771932982053444696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,15387105987829061045,7305396463639697420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15387105987829061045,7305396463639697420,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,1960941954083973868,355524807801594222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1960941954083973868,355524807801594222,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 6812 -ip 6812

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Mf07WW.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Mf07WW.exe

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 540

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3112 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6jE569.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6jE569.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,16085186287368188985,11452269080759539964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3112 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 121.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 www.epicgames.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 34.202.40.65:443 www.epicgames.com tcp
US 34.202.40.65:443 www.epicgames.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 65.40.202.34.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 113.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 104.244.42.194:443 api.twitter.com tcp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 8.8.8.8:53 t.co udp
US 152.199.21.141:443 abs.twimg.com tcp
US 192.229.220.133:443 video.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 104.244.42.197:443 t.co tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 194.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 analytics.twitter.com udp
US 104.244.42.195:443 analytics.twitter.com tcp
US 8.8.8.8:53 195.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 22.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vE3nG83.exe

MD5 62a9a364b61f8db13d3c33294cc3d5c4
SHA1 61740c7164f1c6bb192c2e71e59c7c380a2f5b73
SHA256 024974ca8b510732a656a0f61457943b2a10423bae39c2fa39ab6d7e12f1951a
SHA512 f107fc09d4bf36e2ee51cee4a468c4106fb3bf86b22e9c5ad60d0d87ef7d086fffd666cad6e560579046d4fe900a35a67049dd21106f7d1a4780cbfb52aad0b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vE3nG83.exe

MD5 62a9a364b61f8db13d3c33294cc3d5c4
SHA1 61740c7164f1c6bb192c2e71e59c7c380a2f5b73
SHA256 024974ca8b510732a656a0f61457943b2a10423bae39c2fa39ab6d7e12f1951a
SHA512 f107fc09d4bf36e2ee51cee4a468c4106fb3bf86b22e9c5ad60d0d87ef7d086fffd666cad6e560579046d4fe900a35a67049dd21106f7d1a4780cbfb52aad0b4

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe

MD5 735a1eb036de53a0104bc1ebe90364d0
SHA1 082452dade7267c5759eabe3c25fc27c77135367
SHA256 82fd31c7b40251387f6910c11d0e2a083b66ac929caa6eb07b2f6bb1d26ec213
SHA512 e5a0b9109c4ef1aa928b1a932871d432b4c4f58f65de5a2a8f1ba7030d1eec817761ebc9bceedcb02be296f50d4935782675613b7ba3216ab2e19c4e1ef727fe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pn3wq27.exe

MD5 735a1eb036de53a0104bc1ebe90364d0
SHA1 082452dade7267c5759eabe3c25fc27c77135367
SHA256 82fd31c7b40251387f6910c11d0e2a083b66ac929caa6eb07b2f6bb1d26ec213
SHA512 e5a0b9109c4ef1aa928b1a932871d432b4c4f58f65de5a2a8f1ba7030d1eec817761ebc9bceedcb02be296f50d4935782675613b7ba3216ab2e19c4e1ef727fe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe

MD5 3960a8c03f5542d2f8ca4ae671554092
SHA1 c0312ee28a099f171cbc162baf5cd257c72547b7
SHA256 36872918aefb4d2572c5455e499b6292692d0c7f3324c874706ff1451db69fd0
SHA512 43474fafae0b7b63ab2dfa7cb18522f7e5a13e24d531d897db9b623669c9055c57e54a03b58cb87acae64c3d0fdaa8fa5372e7467fab1c112acda094f9f577b9

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LZ834jv.exe

MD5 3960a8c03f5542d2f8ca4ae671554092
SHA1 c0312ee28a099f171cbc162baf5cd257c72547b7
SHA256 36872918aefb4d2572c5455e499b6292692d0c7f3324c874706ff1451db69fd0
SHA512 43474fafae0b7b63ab2dfa7cb18522f7e5a13e24d531d897db9b623669c9055c57e54a03b58cb87acae64c3d0fdaa8fa5372e7467fab1c112acda094f9f577b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4BN1zC8.exe

MD5 3effbe6daca8d744257f6dc3be752656
SHA1 fb43cf0d5a4564dd44db55e04b9820e4cbd53426
SHA256 07c1c30df6cc94ff7889c99143c172c71b68c2fcbecc41288b0983ed72ba6e78
SHA512 1818e6b62120cf73768140a43f71c104cec87a25520c222b49641e577457079742b02c567e92c60ebbcdec1710c3d3e481dd23d1fb5f7bcefd024a1e36f7570e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4BN1zC8.exe

MD5 3effbe6daca8d744257f6dc3be752656
SHA1 fb43cf0d5a4564dd44db55e04b9820e4cbd53426
SHA256 07c1c30df6cc94ff7889c99143c172c71b68c2fcbecc41288b0983ed72ba6e78
SHA512 1818e6b62120cf73768140a43f71c104cec87a25520c222b49641e577457079742b02c567e92c60ebbcdec1710c3d3e481dd23d1fb5f7bcefd024a1e36f7570e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

\??\pipe\LOCAL\crashpad_4912_YULCRRWTFYAISUOY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\176eba5a-449d-450b-951f-0f8d6e8b5592.tmp

MD5 42fcd7aca4ed40a3d1a8af1f7a4bbe88
SHA1 c78c4f97a1b7a6884f77b5ae5857d28d336c81f7
SHA256 24751ec3bd5c7beac59e3a6184ac6c54087b16c7229cb2b9c5d5bef5637ed853
SHA512 a89d39e55f5e9b6d8e119ec6af21255084c1cb52f310ab6289b513e206e773d1bfdcabb4239d8262d1a5acbda8a78d3d941165604578479247ca00aa92d10ce4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

\??\pipe\LOCAL\crashpad_5100_RCKPXJBAKCWSLKHZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

\??\pipe\LOCAL\crashpad_824_ROQCCRLEEVGECTNJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1884_CXNVKKNFYWNIDOYU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1ef86fee26d5614c9beb08ade594e92b
SHA1 e5a35f8ec612ce23ad1b8bc1484121949ed4de65
SHA256 ccb35ceb4c0f67836bd2c786fd5dd5968ca9ba65bebdf6ee49cb95d15211148c
SHA512 6165947bd17204d046b42c7e6aa586b489c512816a12ab332653b89b1574eb933f0c92c509d0a9d59686084d6d0bb59f84d8dba1fc2670aeab62c47e67f22a1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1ef86fee26d5614c9beb08ade594e92b
SHA1 e5a35f8ec612ce23ad1b8bc1484121949ed4de65
SHA256 ccb35ceb4c0f67836bd2c786fd5dd5968ca9ba65bebdf6ee49cb95d15211148c
SHA512 6165947bd17204d046b42c7e6aa586b489c512816a12ab332653b89b1574eb933f0c92c509d0a9d59686084d6d0bb59f84d8dba1fc2670aeab62c47e67f22a1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 171618a212b158d27c85104ce5c49277
SHA1 6f87640be54d9c0399ccead8860d687fd8f98e1d
SHA256 32f94f3c4b26e77eeb592d71700e28f13b2ad8a4451a008cf578e7f3ab208422
SHA512 68c333b0ab04e940e55c13dae88653a1b0e4e68b617ee3707a134f7d3e6e428c86ca0b65065b9090de8bbdc2f8d470ff05373b69dbcb1904a74d81ba8fda9222

\??\pipe\LOCAL\crashpad_3920_OBFQHDVMTMTCVMHT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2504_KZPVHOBYNSHMJKQQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d95f2d4f-acf3-45c2-9524-b1764d23fc64.tmp

MD5 491245d99c3e8f5c7b1955b158524b75
SHA1 363ef159fed33d5483c66cf9266fd102813dc736
SHA256 8a07f031a95763af36f2f2a09d9b64816cbf16a30d49087b5b336ffe66704507
SHA512 43ddc74a6d6373e436ca22f64b94a8c8bcf54810a4d16905e53df32aff2c4f18ea2fd1cc230154fadc1119d04daff857c43a02b709f7013e2e8e79f2a7a3f12c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 342d83b3a4b68c21bf1569edb73f2fe8
SHA1 c8d80c5a8519c53ff508cf04f95958785d9e055a
SHA256 fbf838134b3448d27649ea4ed28ec9970d91fa582143ef05b56b299dfabf7a1e
SHA512 13e6caa887679636e7cee1d7dc1744c06dbeebeb909f10ec71755be453df2957a68ba08851cde0ef05f851a024e14e5f4a423b27a86edfc815911fdff65027fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b4bb86b2bf3ff2068b0e5bab00bac816
SHA1 e86cd39effb93169021271a4e58dbfb8adf5d859
SHA256 885b28472522c7e280a56cd5a364f487838e56a5f1a4c0442a7acb4c67c2c443
SHA512 2c8eccc7344e2939aaa2f7bf5b9c30834d1d9cd19bf8561cf0e94af0d163102d410cc9c702197d931b9016f7cc0c63fb4bde094fc94154a61a8a0d938db0c2a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b4bb86b2bf3ff2068b0e5bab00bac816
SHA1 e86cd39effb93169021271a4e58dbfb8adf5d859
SHA256 885b28472522c7e280a56cd5a364f487838e56a5f1a4c0442a7acb4c67c2c443
SHA512 2c8eccc7344e2939aaa2f7bf5b9c30834d1d9cd19bf8561cf0e94af0d163102d410cc9c702197d931b9016f7cc0c63fb4bde094fc94154a61a8a0d938db0c2a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8487bb10-8725-4661-bbf6-a6db8940be4b.tmp

MD5 b68253eda20bc8762ab1558598a28e6d
SHA1 0f371499959b0f5a80dc9753fc161f56056b402f
SHA256 7b48227e990b31609ae368762106829359338efe6ab4e2c03743b0dadf052f39
SHA512 14a1e2760da5333033f07e5853e5ffc2f902165d9f1e243c23bf24e4b3f368328f75e956996570379c0cde913c901dce35e0a69883e37472500bd25b87a7c95d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 374a736b3d4407a6fb77847e49ed2bdb
SHA1 5c724f6c154355ecde065a9411ef4b5464cfeefa
SHA256 52f5a9f0f85084c05e7c0d82631687dfd50c8f4c9c727b72a5467806a4452974
SHA512 b9934d65329a17dd8d741fa1a777fdcea10dc8301a80385e222d6a88d389f7984c84252dc0954ae4486799389fc73a843b28fdded06d12abffc6f6252a92cc51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 491245d99c3e8f5c7b1955b158524b75
SHA1 363ef159fed33d5483c66cf9266fd102813dc736
SHA256 8a07f031a95763af36f2f2a09d9b64816cbf16a30d49087b5b336ffe66704507
SHA512 43ddc74a6d6373e436ca22f64b94a8c8bcf54810a4d16905e53df32aff2c4f18ea2fd1cc230154fadc1119d04daff857c43a02b709f7013e2e8e79f2a7a3f12c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 171618a212b158d27c85104ce5c49277
SHA1 6f87640be54d9c0399ccead8860d687fd8f98e1d
SHA256 32f94f3c4b26e77eeb592d71700e28f13b2ad8a4451a008cf578e7f3ab208422
SHA512 68c333b0ab04e940e55c13dae88653a1b0e4e68b617ee3707a134f7d3e6e428c86ca0b65065b9090de8bbdc2f8d470ff05373b69dbcb1904a74d81ba8fda9222

\??\pipe\LOCAL\crashpad_2976_PRLIGONSIKOGGGQX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4129ea6b-43f9-48c8-901a-99a34390be25.tmp

MD5 34712d7206cd6f832bdc5f0eb356762e
SHA1 38b0d99ebdf0750f5fc8ac0bc0e14c96c2b0e064
SHA256 3e3a4dbe156c9ce99d5133e5675f60fa61d24b7e2eb7fa5b9b80f4250c2604d5
SHA512 dae556a532fe15335bf9348df2897faa32a1e8373a2cebfd23a17c82e6a0c11dd5fe2605ed5307a0e3754a2a15b87cbbf42d96a7ce5c5e3f77c805fb623d80ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\586b67e4-5ca4-440e-937a-1383f3cbd784.tmp

MD5 342d83b3a4b68c21bf1569edb73f2fe8
SHA1 c8d80c5a8519c53ff508cf04f95958785d9e055a
SHA256 fbf838134b3448d27649ea4ed28ec9970d91fa582143ef05b56b299dfabf7a1e
SHA512 13e6caa887679636e7cee1d7dc1744c06dbeebeb909f10ec71755be453df2957a68ba08851cde0ef05f851a024e14e5f4a423b27a86edfc815911fdff65027fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3cb6fd322c3dcdd70802bde8687e9907
SHA1 30ff6cd784011ddc74c1e35e545cdc3c9ced89f4
SHA256 8c1ffc8a3a8ff177909fe33bd7dfccdb4797fce98aca37eed9de5035c632fc6a
SHA512 eb1ddfc3cc386ee95d0972fb581063d4af5315e2077834e233b7c1af012bab8c9a6e9aa1e21d581e655d2cc66f99d88e428ed0d388eab58769699b6626663e22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 342d83b3a4b68c21bf1569edb73f2fe8
SHA1 c8d80c5a8519c53ff508cf04f95958785d9e055a
SHA256 fbf838134b3448d27649ea4ed28ec9970d91fa582143ef05b56b299dfabf7a1e
SHA512 13e6caa887679636e7cee1d7dc1744c06dbeebeb909f10ec71755be453df2957a68ba08851cde0ef05f851a024e14e5f4a423b27a86edfc815911fdff65027fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b68253eda20bc8762ab1558598a28e6d
SHA1 0f371499959b0f5a80dc9753fc161f56056b402f
SHA256 7b48227e990b31609ae368762106829359338efe6ab4e2c03743b0dadf052f39
SHA512 14a1e2760da5333033f07e5853e5ffc2f902165d9f1e243c23bf24e4b3f368328f75e956996570379c0cde913c901dce35e0a69883e37472500bd25b87a7c95d

memory/6812-379-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 34712d7206cd6f832bdc5f0eb356762e
SHA1 38b0d99ebdf0750f5fc8ac0bc0e14c96c2b0e064
SHA256 3e3a4dbe156c9ce99d5133e5675f60fa61d24b7e2eb7fa5b9b80f4250c2604d5
SHA512 dae556a532fe15335bf9348df2897faa32a1e8373a2cebfd23a17c82e6a0c11dd5fe2605ed5307a0e3754a2a15b87cbbf42d96a7ce5c5e3f77c805fb623d80ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 491245d99c3e8f5c7b1955b158524b75
SHA1 363ef159fed33d5483c66cf9266fd102813dc736
SHA256 8a07f031a95763af36f2f2a09d9b64816cbf16a30d49087b5b336ffe66704507
SHA512 43ddc74a6d6373e436ca22f64b94a8c8bcf54810a4d16905e53df32aff2c4f18ea2fd1cc230154fadc1119d04daff857c43a02b709f7013e2e8e79f2a7a3f12c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3cb6fd322c3dcdd70802bde8687e9907
SHA1 30ff6cd784011ddc74c1e35e545cdc3c9ced89f4
SHA256 8c1ffc8a3a8ff177909fe33bd7dfccdb4797fce98aca37eed9de5035c632fc6a
SHA512 eb1ddfc3cc386ee95d0972fb581063d4af5315e2077834e233b7c1af012bab8c9a6e9aa1e21d581e655d2cc66f99d88e428ed0d388eab58769699b6626663e22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1c17ddbc-f705-4701-bec0-29718a7b7790.tmp

MD5 7cab2ba4269be5ea52352211a8474aa4
SHA1 30fa7a2823cde7b5c95ddb959cb6ce76af576ea1
SHA256 c408df8371c78d0492e945f344a140ec38fd614ac1ae0a17302ebc8d0e60a2b5
SHA512 ee8e17b92b35ea740bb88b1b7ad64cc668893cbe696e442d28151a6012077d80ba1f6f107b81772f90cc8a3d0993cc808a5c213f797a17b0051ac54b68d6f97b

memory/6812-399-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6812-409-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6812-402-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\22c3f88a-764a-4c2c-bcbb-d248304b6e58.tmp

MD5 a7154197603ebbe6ba74739c4077cda9
SHA1 4dfdb20a7bd6f35ee25da89eddd506d834fd79b0
SHA256 965a4b184757557bcb18a8a9e59584e64237a33f6f97bbf8c48a5be18f9648fd
SHA512 47a8f643404cb327b6091455f8b94143fbd1395dc0745513ef04874d5d9c034e7b1da9f68077ff6136455b780268c129596475def8f7ce6cba55d37821823187

memory/3804-461-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ccb07f74710a330da8a615d80a5f4d09
SHA1 be20a911184e32077cd7df0850c66dca36d5ad1b
SHA256 7127bff007c02e066c11787adf98bc02d193b77cb1948154a69f6a56cd6c9240
SHA512 802289eb8f14a8e12739d3df5a38bb7026d54dbcc4168421291f88ed67ba99111f758eca76b5c90db70f555a9d392fc3521c82468cce50f40ab146a9f88e0c4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 05ce8151e6cc0b77107d4d352b3e8c22
SHA1 c3eb86a6a920f6607cb89ebc851e408a83f45454
SHA256 c69f946b261aa1f41d8ca8faf68307a016e509760c90e3088ab390c267056f13
SHA512 4ed73832aa7ff26c8a29142ec1316ab282d00e883f3cde104818f779f725131aeb603b83f5bc9aa38afddf2dc462a1e9e6b46b0a9a437ac5af37cc9545ef4c4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 918ecd7940dcab6b9f4b8bdd4d3772b2
SHA1 7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4
SHA256 3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175
SHA512 c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6655b0f305228b6511dd9e48cc0ec614
SHA1 f626e65c0758717dbb5a5367fe3304cd5fa07671
SHA256 06d9367a6e18df5593f8ad5258cd1aa41fef06952590ed746c92a2142c8355c7
SHA512 c89f6b1ff1e48e5bbfe8aa79afc10ff9e6228b198300c742d21a123d2299eb53a08289ccf7b90f742c2061e6e78f78c1c0092672d039d091f896d424680ac78c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/3804-542-0x0000000073790000-0x0000000073F40000-memory.dmp

memory/3804-543-0x0000000007F50000-0x00000000084F4000-memory.dmp

memory/3804-544-0x0000000007AA0000-0x0000000007B32000-memory.dmp

memory/3804-545-0x0000000007CC0000-0x0000000007CD0000-memory.dmp

memory/3804-550-0x0000000007C50000-0x0000000007C5A000-memory.dmp

memory/3804-562-0x0000000008B20000-0x0000000009138000-memory.dmp

memory/4332-569-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4332-570-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4332-571-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4332-573-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6a495c64afb13be7a2cda75fa8ecc506
SHA1 24a1607f2a1b4df226810a105f2ccc1738afa515
SHA256 8ddbb738025bd867568d2f0ae1bf0501b6717b5ca57a7ea0b435b8a3b2e92665
SHA512 3095f5542d5344cdf341c597eb199b0f5470acd8e4ada8742d34309e0d020c31449775cf0de73ea5e2b565e118ee936bec1be028428a14030c9662f45cb24481

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a4528.TMP

MD5 61cc9832e7784020590ad46ef63308e4
SHA1 9e2a24a08f18e72652b0c4658080d12e44f18245
SHA256 d7c2cb3150c2ac1dbc28c31a6f4e968a4b30af5dac6c164d581ff9b9403efa46
SHA512 91cc25199383c4825771625286f65c904d7358751d48e6e0a40d01ad94a0d50a67ea0e15cdb82ca48210eba8eef173bd1852080783f5b17670b7a6ce09584667