Malware Analysis Report

2025-01-02 05:18

Sample ID 231111-d837ssab35
Target 620bd40b7f2faf323c81c67bb5527279b60eece60f4270630daa7241e3ad63a7
SHA256 620bd40b7f2faf323c81c67bb5527279b60eece60f4270630daa7241e3ad63a7
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

620bd40b7f2faf323c81c67bb5527279b60eece60f4270630daa7241e3ad63a7

Threat Level: Known bad

The file 620bd40b7f2faf323c81c67bb5527279b60eece60f4270630daa7241e3ad63a7 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

RedLine payload

Detect Mystic stealer payload

RedLine

Mystic

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

AutoIT Executable

Detected potential entity reuse from brand paypal.

Suspicious use of SetThreadContext

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 03:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 03:41

Reported

2023-11-11 03:44

Platform

win10v2004-20231020-en

Max time kernel

152s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\620bd40b7f2faf323c81c67bb5527279b60eece60f4270630daa7241e3ad63a7.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\620bd40b7f2faf323c81c67bb5527279b60eece60f4270630daa7241e3ad63a7.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv0no73.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2800 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\620bd40b7f2faf323c81c67bb5527279b60eece60f4270630daa7241e3ad63a7.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv0no73.exe
PID 2800 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\620bd40b7f2faf323c81c67bb5527279b60eece60f4270630daa7241e3ad63a7.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv0no73.exe
PID 2800 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\620bd40b7f2faf323c81c67bb5527279b60eece60f4270630daa7241e3ad63a7.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv0no73.exe
PID 452 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv0no73.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe
PID 452 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv0no73.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe
PID 452 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv0no73.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe
PID 4832 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe
PID 4832 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe
PID 4832 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe
PID 4248 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 1140 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 1140 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 3468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 3468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 3360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 3360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3300 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3300 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2332 wrote to memory of 3912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2332 wrote to memory of 3912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 4056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 4056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 3516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 3516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1520 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1520 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4592 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4592 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 1176 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 1176 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1176 wrote to memory of 4288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1176 wrote to memory of 4288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4248 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 2200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 2200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1776 wrote to memory of 512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1776 wrote to memory of 512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qm9yL6.exe
PID 4832 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qm9yL6.exe
PID 4832 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qm9yL6.exe
PID 1140 wrote to memory of 5580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 5580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 5580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 5580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 5580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 5580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 5580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 5580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 5580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 5580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 5580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 5580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\620bd40b7f2faf323c81c67bb5527279b60eece60f4270630daa7241e3ad63a7.exe

"C:\Users\Admin\AppData\Local\Temp\620bd40b7f2faf323c81c67bb5527279b60eece60f4270630daa7241e3ad63a7.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv0no73.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv0no73.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7fffb5dd46f8,0x7fffb5dd4708,0x7fffb5dd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fffb5dd46f8,0x7fffb5dd4708,0x7fffb5dd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffb5dd46f8,0x7fffb5dd4708,0x7fffb5dd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffb5dd46f8,0x7fffb5dd4708,0x7fffb5dd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7fffb5dd46f8,0x7fffb5dd4708,0x7fffb5dd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffb5dd46f8,0x7fffb5dd4708,0x7fffb5dd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fffb5dd46f8,0x7fffb5dd4708,0x7fffb5dd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffb5dd46f8,0x7fffb5dd4708,0x7fffb5dd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fffb5dd46f8,0x7fffb5dd4708,0x7fffb5dd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffb5dd46f8,0x7fffb5dd4708,0x7fffb5dd4718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qm9yL6.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qm9yL6.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16131769156138938787,15041545068349541398,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16131769156138938787,15041545068349541398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,842245057336605505,14489279019620012311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,596888339275788684,5885283123718467894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2886405220520205646,8026262823913586712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2886405220520205646,8026262823913586712,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,596888339275788684,5885283123718467894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15236121521974762341,11563817429889805775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15236121521974762341,11563817429889805775,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,842245057336605505,14489279019620012311,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3195075356961147472,17805269280991545558,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3197182040045753427,12439025855901404768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3197182040045753427,12439025855901404768,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,3195075356961147472,17805269280991545558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,13441819159463147300,8448617751227430907,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,10911695172498026441,10610687424820283932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,13441819159463147300,8448617751227430907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5jP95qX.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5jP95qX.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7888 -ip 7888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6bc962.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6bc962.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8432 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8432 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16722917462307573988,3649545787373659958,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8328 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 store.steampowered.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 www.epicgames.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 107.23.147.12:443 www.epicgames.com tcp
US 107.23.147.12:443 www.epicgames.com tcp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
N/A 224.0.0.251:5353 udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 12.147.23.107.in-addr.arpa udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 126.177.238.8.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 138.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 192.229.233.50:443 pbs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 104.244.42.197:443 t.co tcp
US 68.232.34.217:443 video.twimg.com tcp
US 8.8.8.8:53 194.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
NL 142.250.179.141:443 accounts.google.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 fbsbx.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 b.stats.paypal.com udp
NL 142.250.179.163:443 www.recaptcha.net udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 8.8.8.8:53 t.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 www.epicgames.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 172.67.209.38:80 killredls.pw tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 73.36.239.18.in-addr.arpa udp
US 104.244.42.194:443 api.twitter.com tcp
US 104.244.42.194:443 api.twitter.com tcp
US 104.244.42.194:443 api.twitter.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 c6.paypal.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 34.225.248.127:443 www.epicgames.com tcp
US 8.8.8.8:53 127.248.225.34.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
NL 23.222.49.98:443 login.steampowered.com tcp
NL 142.250.179.141:443 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv0no73.exe

MD5 9b4c3cf35aa87532ac6789082ddba452
SHA1 8151949b6501789009b388ec283693912455e81f
SHA256 41f054d0b7a620a886f307e99ebb7cb9522d24eb19ecedb83aa1e6aba82234c8
SHA512 ec43a34ee306f2e693514b5b0b4a369c7f950b470e3a5ff62daea72139910907b7b85b82011af2ff7412e4fa2f6c64dcd72b94445d0cd1909a6a66e4ed2fe084

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv0no73.exe

MD5 9b4c3cf35aa87532ac6789082ddba452
SHA1 8151949b6501789009b388ec283693912455e81f
SHA256 41f054d0b7a620a886f307e99ebb7cb9522d24eb19ecedb83aa1e6aba82234c8
SHA512 ec43a34ee306f2e693514b5b0b4a369c7f950b470e3a5ff62daea72139910907b7b85b82011af2ff7412e4fa2f6c64dcd72b94445d0cd1909a6a66e4ed2fe084

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe

MD5 9589848c90ceb930924cd79d623665c1
SHA1 e2d78de91597f15e6c0eac93b1f0e6860a8c97b4
SHA256 e2a9d82e8994fdee33fc8c303f9320f341144e3d96259bb867abbb0df066e24b
SHA512 9c3bdc4d88bf4b060fd0d3a2a0a7838becb267bee283bbdc7e9d7381a7d58822851587933e79015b1059a387965bdbccafade6f2b1decfd3a6713473df76931e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lt0aW16.exe

MD5 9589848c90ceb930924cd79d623665c1
SHA1 e2d78de91597f15e6c0eac93b1f0e6860a8c97b4
SHA256 e2a9d82e8994fdee33fc8c303f9320f341144e3d96259bb867abbb0df066e24b
SHA512 9c3bdc4d88bf4b060fd0d3a2a0a7838becb267bee283bbdc7e9d7381a7d58822851587933e79015b1059a387965bdbccafade6f2b1decfd3a6713473df76931e

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe

MD5 c6218683090289538480a0d7b8c3584f
SHA1 eb8797d880fc6a93561e7502e012ecc82847454a
SHA256 76b72b91ca5266305e76b42124c095eb40cd4f9b1395acc35f727d4703b4b100
SHA512 27028d9a37e2872116b5842d1938f0296b5175c37bdfc736ccf6d5b6cefa6d0b5cae7fa2ec1fbe3abf28dda4a2c2bfe8b900796b755b8e14419156a100c9c203

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Az394Oa.exe

MD5 c6218683090289538480a0d7b8c3584f
SHA1 eb8797d880fc6a93561e7502e012ecc82847454a
SHA256 76b72b91ca5266305e76b42124c095eb40cd4f9b1395acc35f727d4703b4b100
SHA512 27028d9a37e2872116b5842d1938f0296b5175c37bdfc736ccf6d5b6cefa6d0b5cae7fa2ec1fbe3abf28dda4a2c2bfe8b900796b755b8e14419156a100c9c203

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qm9yL6.exe

MD5 01621abacc920656e8ff7bdc2e6e4cfe
SHA1 f82173bbbbc7d17575035a9c15254405c35b2611
SHA256 d9d2e4ce91e32ef3a0d28da85d45c2a863052603fd02a1ae7ffa0deb02bc611f
SHA512 26daa7590af49cebb5708528e2f4b959a4e4ca331d7dad91d3f5b2b0c22f77bb920bef34ef5dd2edd6d768abb45345c0bfbd088e7a941351ecd5490905054b11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qm9yL6.exe

MD5 01621abacc920656e8ff7bdc2e6e4cfe
SHA1 f82173bbbbc7d17575035a9c15254405c35b2611
SHA256 d9d2e4ce91e32ef3a0d28da85d45c2a863052603fd02a1ae7ffa0deb02bc611f
SHA512 26daa7590af49cebb5708528e2f4b959a4e4ca331d7dad91d3f5b2b0c22f77bb920bef34ef5dd2edd6d768abb45345c0bfbd088e7a941351ecd5490905054b11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_1140_WFPCFAUTWIOMQHRL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2332_NISGRDLUDBFIZGIQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3300_MJRAEZDSUXHTXMGL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1520_ZFLTJOVTQZFEFKOY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_2544_KKSLDDWOHXBOMWJW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1176_ULKYQSNRQOEIOXZV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4592_VYOSYJGOAKYEVPCC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4056_OHORMRIXRCNZWULL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 47ac1d2c92e2ef26e2c5a6da6da9f7c6
SHA1 1e9c821e023a71e8131a33bb037432b02cf4e84a
SHA256 45192735b437b7ca66de3345cdadfde1e1724c6312809cc678461cf71e2adbd9
SHA512 2769087d4f7907af0fd8e66967ba0d285b3f4cbf501be72f0321bb0e87aeca97f7c68a8009f22dc90804da8c372600a919af79fcd1a69683083b44f49b3ce90f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e267a192ab15d1819b895946f4a6a4c
SHA1 e659b2289334c382b6b2a0b08ff3e0b5636694e6
SHA256 d8b3c7a1fb1f338808c0c434da9b9862eaedddcac3b5934e1c69f38f13be8432
SHA512 4418278e3a02a2d2dcc916264663171f2dcaa2e5c7e95b766d2c97500bdfb003d9fb8e63d827503423159732875a284318774f5f139030874a37f13d70578f0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e267a192ab15d1819b895946f4a6a4c
SHA1 e659b2289334c382b6b2a0b08ff3e0b5636694e6
SHA256 d8b3c7a1fb1f338808c0c434da9b9862eaedddcac3b5934e1c69f38f13be8432
SHA512 4418278e3a02a2d2dcc916264663171f2dcaa2e5c7e95b766d2c97500bdfb003d9fb8e63d827503423159732875a284318774f5f139030874a37f13d70578f0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f30739dea0bdaa7423fc5ac2e97bef39
SHA1 872b7825e92ef2e499ed53dbb2ed2d3a0ead1ed0
SHA256 304c4e6debd817180c3de54d607905e07f51ed2221e3890618e6aff5a8a3e188
SHA512 30f7f52554e2924443eafcf854284b3b22405e55a833f639b7e7d1f3ce157cde59b012f14dad238722343049823f447098b8f7b8f31a458ee038903396b42a42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 47ac1d2c92e2ef26e2c5a6da6da9f7c6
SHA1 1e9c821e023a71e8131a33bb037432b02cf4e84a
SHA256 45192735b437b7ca66de3345cdadfde1e1724c6312809cc678461cf71e2adbd9
SHA512 2769087d4f7907af0fd8e66967ba0d285b3f4cbf501be72f0321bb0e87aeca97f7c68a8009f22dc90804da8c372600a919af79fcd1a69683083b44f49b3ce90f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5584ab1f-8f80-4eb0-8fe0-e64e2b8c2b33.tmp

MD5 fdd2af9f2ed8d8238326a38a10b2a7a5
SHA1 9050490c23bc1c6bc4e13d14e8aceedc7f43d6ab
SHA256 d1824a9eddad89951ee520ed90f0914f4a21b6738f538eab2cf0d6183b1bb7c0
SHA512 a533f98bc970d66f01fb63701d2241247bf127d1a61d15b3cfe9f6aff63d88f4db925f72922103ea1ce4d1cefec2cf41e159e672dab6389586541bcd9f66aa2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4188c78d61841c9ec9653479510a0ad9
SHA1 e2aea9271a5a364ff4cb2e0ee8239a1a8a26ba45
SHA256 af76f89b2a0d197376063e6fbe2f119615f95966688c9597b9704c1aac78045c
SHA512 6b05668c87dfa44033c88cd6832a9c202779991710e4b599c6a55d0cb1771a16d8bcb469b9f36c6f3dd3d9fcc5ad998f023bacb72067099c1307d84bc67d774f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8e886ec2-c2cd-4afc-ace9-e9f4dac50f48.tmp

MD5 a67133a2e6d67d4c17b21fc2571d60c6
SHA1 25bdaf680e59f238b10c27093369a487ef38a3e5
SHA256 3998556c309b9c29ebcc92085003f0a0808987f333c009ad56d749e2164be1be
SHA512 6c12fc3b6d2d1793780011c1c7cc96670e456c48326e5fad2a4d288c168393ff69b04cec8f747a7279b5be10f1aa0abb4c32aa0b409d71f4b0726071306e6eff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4188c78d61841c9ec9653479510a0ad9
SHA1 e2aea9271a5a364ff4cb2e0ee8239a1a8a26ba45
SHA256 af76f89b2a0d197376063e6fbe2f119615f95966688c9597b9704c1aac78045c
SHA512 6b05668c87dfa44033c88cd6832a9c202779991710e4b599c6a55d0cb1771a16d8bcb469b9f36c6f3dd3d9fcc5ad998f023bacb72067099c1307d84bc67d774f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e267a192ab15d1819b895946f4a6a4c
SHA1 e659b2289334c382b6b2a0b08ff3e0b5636694e6
SHA256 d8b3c7a1fb1f338808c0c434da9b9862eaedddcac3b5934e1c69f38f13be8432
SHA512 4418278e3a02a2d2dcc916264663171f2dcaa2e5c7e95b766d2c97500bdfb003d9fb8e63d827503423159732875a284318774f5f139030874a37f13d70578f0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f30739dea0bdaa7423fc5ac2e97bef39
SHA1 872b7825e92ef2e499ed53dbb2ed2d3a0ead1ed0
SHA256 304c4e6debd817180c3de54d607905e07f51ed2221e3890618e6aff5a8a3e188
SHA512 30f7f52554e2924443eafcf854284b3b22405e55a833f639b7e7d1f3ce157cde59b012f14dad238722343049823f447098b8f7b8f31a458ee038903396b42a42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8d17422d11a90a5ecd1b67248f376943
SHA1 02770cda5239c74d44ce9ceb117abcf0d1ec570e
SHA256 328c8250675da26a1e9608fa2ee657bc21b5e8f184b554a8cdd6759f1c9abccd
SHA512 84967eee381b261eacd638153225213260864dca5201ecb0fac6273ee8224d5441e34599b7360a0049c7a00f137b6391d0426af50031d08e28af66893c1b70cd

memory/7888-265-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 29c1227d0d2704a0a2828ec5b4e8d16d
SHA1 e47cd8ab840d9ae054a890aa822cf0fa616fbcb3
SHA256 ecdf260e7bbb81b8ffb98374e9a616f49d3368a412a4e29b8887369396572028
SHA512 125bf4aeb0c31fc7926ec85ecb9e4694dcde6455170c7bab2ad6109da7976bd1676be2102f671af769cdfc55727df688931dea376534b7a71444eceac3acb5a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4c1fa125-14e4-479c-9224-99cab4a97d63.tmp

MD5 12d3c31aeb5d13bac700c9cda51a0b8e
SHA1 59c5ccbe674faf2db700b5c8af36932b6e7f0998
SHA256 c62658dc0b9d710007e7e3b0eb38cb99f515080adb231e2cd054f94c044b973a
SHA512 9d8fceae60ac6ad8b91f4326c5e6b2ee3e2377eae1ed63f0eb2900b4f32837553c1d26006af3a9c0ee33bbbb549a85cbb74f99e0b8ae3f74b1b2ae0d0abcef72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 29c1227d0d2704a0a2828ec5b4e8d16d
SHA1 e47cd8ab840d9ae054a890aa822cf0fa616fbcb3
SHA256 ecdf260e7bbb81b8ffb98374e9a616f49d3368a412a4e29b8887369396572028
SHA512 125bf4aeb0c31fc7926ec85ecb9e4694dcde6455170c7bab2ad6109da7976bd1676be2102f671af769cdfc55727df688931dea376534b7a71444eceac3acb5a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8d17422d11a90a5ecd1b67248f376943
SHA1 02770cda5239c74d44ce9ceb117abcf0d1ec570e
SHA256 328c8250675da26a1e9608fa2ee657bc21b5e8f184b554a8cdd6759f1c9abccd
SHA512 84967eee381b261eacd638153225213260864dca5201ecb0fac6273ee8224d5441e34599b7360a0049c7a00f137b6391d0426af50031d08e28af66893c1b70cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f30739dea0bdaa7423fc5ac2e97bef39
SHA1 872b7825e92ef2e499ed53dbb2ed2d3a0ead1ed0
SHA256 304c4e6debd817180c3de54d607905e07f51ed2221e3890618e6aff5a8a3e188
SHA512 30f7f52554e2924443eafcf854284b3b22405e55a833f639b7e7d1f3ce157cde59b012f14dad238722343049823f447098b8f7b8f31a458ee038903396b42a42

memory/7888-323-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4188c78d61841c9ec9653479510a0ad9
SHA1 e2aea9271a5a364ff4cb2e0ee8239a1a8a26ba45
SHA256 af76f89b2a0d197376063e6fbe2f119615f95966688c9597b9704c1aac78045c
SHA512 6b05668c87dfa44033c88cd6832a9c202779991710e4b599c6a55d0cb1771a16d8bcb469b9f36c6f3dd3d9fcc5ad998f023bacb72067099c1307d84bc67d774f

\??\pipe\LOCAL\crashpad_3868_WLGZTOCJYWTMAGVC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 47ac1d2c92e2ef26e2c5a6da6da9f7c6
SHA1 1e9c821e023a71e8131a33bb037432b02cf4e84a
SHA256 45192735b437b7ca66de3345cdadfde1e1724c6312809cc678461cf71e2adbd9
SHA512 2769087d4f7907af0fd8e66967ba0d285b3f4cbf501be72f0321bb0e87aeca97f7c68a8009f22dc90804da8c372600a919af79fcd1a69683083b44f49b3ce90f

memory/7888-338-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7888-384-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5a02ac980ca570786ccbc9f618be74ec
SHA1 086e95c3b4d3bf9f9b1a2c71b2589611f411be83
SHA256 7fd913049d6e29c472e9a8f4196778001bf4523731abb5da0d980a1025fea91b
SHA512 c5b3287e49976987bd0ffd9291eabb08ffdea32be6019113eeadf91b23f4445ad272bff819947e5de605352d9f160b509f197ccc6b2e1184339782b02ddaeaaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5fec54b90fa6c855e37edff0916e1039
SHA1 b3a2f3ab3031fa125d6041e4f709c4a7cb762a8e
SHA256 de8edebf943b2bafa4371817cfa2c4ed802528a29273f0b75369085528115bfc
SHA512 921843c1bea0540634e0e19cc04dca2f4c92b4e55ecc15131945d35ec2a7f1842e5cab4018e6ffd2299e2a841ce52ba4cff5ec1193ecb945ad2f411a873ecc1d

memory/4052-485-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ad784375d61fa5cdff696112b09bc7a
SHA1 933a9b98a6a2f5b7b31153703603500b2e02079b
SHA256 6f1ad14769c6141990ccfb6b971a148a1b8db2bb68e4172aa3ae8dd2d55b4360
SHA512 02644adb829717e3101506324b0715f615ffc854f27183fae44e6bb791913def87d843cd3ac82c90e346afd8cbc1649b3acb30c9bd82003dc759127196337d0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ea36a3041c32769c871ac597afcac54
SHA1 7298bd2dabec4c9c0a30c4e9bf3f0c1bdefd5bf6
SHA256 768ba22d72ae9bd1f6c2c4f3dc38ea2220d88a33995a61712bd401300a93a0bb
SHA512 0e49637bc34ad143d90f7db8349a86b3b7e8ccd7387f113da13e23d03e79a41b293824d117e9886a063bc3a66653b8d76fd79661f56129e32c2bf87e5c46c534

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 fd20981c7184673929dfcab50885629b
SHA1 14c2437aad662b119689008273844bac535f946c
SHA256 28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22
SHA512 b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

memory/3932-570-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3932-571-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3932-574-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3932-582-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4052-626-0x0000000073CC0000-0x0000000074470000-memory.dmp

memory/4052-627-0x00000000080C0000-0x0000000008664000-memory.dmp

memory/4052-628-0x0000000007C10000-0x0000000007CA2000-memory.dmp

memory/4052-629-0x0000000007E70000-0x0000000007E80000-memory.dmp

memory/4052-630-0x0000000007E00000-0x0000000007E0A000-memory.dmp

memory/4052-631-0x0000000008C90000-0x00000000092A8000-memory.dmp

memory/4052-632-0x0000000008670000-0x000000000877A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8767f34eef23baf51e33908d1a8768c2
SHA1 238f9a909f86efc48cba8e44812c56a7047aca60
SHA256 8b775d14eee916bbfdc7fb5878224883cb7628edd2512fe5c1b155f3736247fa
SHA512 5ca307d9f925b72b2a31c58bba1ccfc9bc2f7a36874cf28da447a028b8c6c26e3fe413c7177ae039debefd5fc7f8ccd5f35479c1d5c6c6fbb76fe84983672e86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593128.TMP

MD5 0bf648eb8f6ab7552e1b9c96d7cb92b4
SHA1 62b4f940a70af30498384ca8f1873765a295a3cc
SHA256 0392be754883a93122b6805c222bafe2e95fbaae78acc26150aefef255cd23dd
SHA512 dcc86a5ecac766a442ced63c1b421ed8bebaeb6fa575091aaeab011f225cc1aaab2a62c4b603172c37dca76b8386b351bec9dbf760386435ffc4df82cfabab54

memory/4052-669-0x0000000007EF0000-0x0000000007F02000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

memory/4052-702-0x0000000007F50000-0x0000000007F8C000-memory.dmp

memory/4052-705-0x0000000007F90000-0x0000000007FDC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 13c690971a720f9f0653e616761e7be0
SHA1 56b1421e8f93ce1325aa16c3a0224418cf1ec0a8
SHA256 dc6f91c8f5e0731169f81ea89a2546cf429cceeb85da6cfc186aeb4e42e07ae1
SHA512 fc87caf623e4213c6111a739c60413f4adf1c4dfce066b6800446abf85026a220972a52851eb5620b7e1916c5f47bdfde2660983fc413825bba16a252e66c004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bf2f2f612b91794b7753c9eb5d435057
SHA1 72a13137af5870d1cdf14ca0985d2f49629b4e94
SHA256 8909865022516324bbc774ff9c4105b6672f043f8bca9586012dd6de3c9543a4
SHA512 0e711d42b943eca05c5be07336bf8afe7aa0ec1e124eda9e00726aab05142831f5154d5481b74c5fcc6a59ae04caa764395839cf9da923e28ff9b4c648cafae6

memory/4052-871-0x0000000073CC0000-0x0000000074470000-memory.dmp

memory/4052-872-0x0000000007E70000-0x0000000007E80000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bfde2d4f3a5cf7e04e4b0173e255eb06
SHA1 19e41c0b3922d43ecb4539c1849a7f763fd7bba8
SHA256 e3a69fa4459522500d2d6fc5f1e46b3eec337af845adb7c878decca9d8e8daae
SHA512 b51a0ff08b939260f5b62bb5b4a31eff0d5912b901dcec3ef31e32efc949dc1f13db232901a012ca76c5b5b164fe4dafd2008e16163968aef6759addbfc3de41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0a4ffd991b84771c1b32ca54f7c9e062
SHA1 02c0016fc1e75094e8dc844f235da7c9c6db666c
SHA256 c229cfcbacf6d8e671e11f1b9a6ff41c8e782d821fa634cf2855acad3bf01a8b
SHA512 99a0deb2ea339a8f68887d64fc68945e511e380c4428acd28d36d0450defc5df5e1a0a6b4d37af9f676d2d3590c6d80cc55bfe209168d94157be8ca9f5d5e22f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c317321e441c988af1c8aab8804ede61
SHA1 db559dcf3f266e09fe5a8bc5da5fc0ed8730e89b
SHA256 e4b73a644a01127583f39f534d5b1345469b4fa535ef9eba0b131d255c9a64fc
SHA512 0791f4a5d07511b304f95c67752b181cd7259c39e3bca839179cb933b7a2b4e4b622cc224fcfc016289bfc5de4b22854300f9d57c6a05a0cf721bc40eab87aea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9aa84e3e3b0881788d4919344645f506
SHA1 ada3777e01169710e283a14b617e05f24f623c44
SHA256 eda201fd1b02be0d8540f79e14cf93f9046edd86e4afc4a1da9b927c57331b8a
SHA512 ec99c5388c73115363db7f5639181f633bab1b9a210a85f25c8fdebc6a4c16d07679b3f75feebe9c373fb7296daa147f5086ab5755eba4fc080b8b3891680e0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59db53.TMP

MD5 285fb4025f4449722503e5ddddcb0464
SHA1 3057609bebe42c5b28658b689629dc8a19af35f4
SHA256 cc02f07a3b1e73d97c90e24a05306bac5b26011ed4b5238ebc1043525c94b017
SHA512 44e4be59f37188417e44bf1ad4750a6ecbbc7912376a2b2fed0e8b8ce1c3dd39c79abe2a031bbfae931595945b1076f244941f342e9537bea3c9008ea40cf1cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9abc0fedc87d81db4c074cdd40d5e975
SHA1 d1ae37c0ba259e61e4913d483741e0d449d2ff3b
SHA256 363497577c2f964d45984ac7768a1146e64b3c1fcdce3d5ff5c14eedf4fbfca3
SHA512 faddcc3a477a0fd12725ae66f5f726a50274fa09615a07e2c744e08d8397fee6721f1223e8c2d63df189f61df13508be35a44849904c17113fc828ec58278606

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 26d8aa1dbf26634023d5a328fa2d8d94
SHA1 2cf2f57caec2c6a60caace64f637b268ed527815
SHA256 9f1090f97d4417c4ef74cfc2965f9f18820f5fe90005114491c1aded8e3b63c9
SHA512 0e56a30d61dfa41b823fa92b9c5f91ebc122ba3f61c96ad91b913402f9eefcfe90f7744cbac1320e5952983d9167a0f9886ba7ff317982442223bea41867a2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 c855aa91e31fcc40e3128e4848f32332
SHA1 46f11f34e21bac071969ddbe3ac3106da72c1762
SHA256 f93498654fcf67575aabbf743c9dac6ae2854640f0430e84f176a7acbdcfca3a
SHA512 0cd7a5cf5f11c7c5cffdb7682fd7457f11fb9cb1ebdcd2739d35353f82ded283424f965a3a7c7647e3f1bdddc01d1d616788237d14be1a0630b7c1921e489282

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe59dfd7.TMP

MD5 9318d2da2c65e6eedcfe1f0b227a6302
SHA1 d616e50f06632c4ab3dcd08e02ab0cfd3a49f70a
SHA256 1e871680bed727a988ea46eabf0242c53f77aba9280efe5cb096102a81c1d759
SHA512 473c963f4d57b41f2e7bdfbf39ebe050ea939b040e2c9df8b8a41b824e1fcb0755b034e755d9d31edfa20a500333f1fd90fec8739ab01b864cf3fed81fdffe83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\e95487a3-8ad1-4a53-947f-a98b7742eff0\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fb657d5759b27b24fdb92fc63a24b608
SHA1 8decd2d6e3f814c9476b649561637518e5bb6247
SHA256 8c9774c2a3b0591fc8928b941a90d41d4df55be162d526ca4e7e1a6552828be7
SHA512 a3ccc969edbff571f39be9242214a63c1dc5d67352528a5347990c154729d8606446b3da083b0c076e34c9e232267a9a7f19f16b5fb9b2735cf1e9b25573c7f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 27f9edad68a4dfc380507a618aee7f2a
SHA1 cffb1789761b82c616614f2751fe1fe075135eb1
SHA256 8001367e33939341cf8a3e89915bd5bb49483cfb4aaebc72052e45449272aeea
SHA512 0304f802507cecd53608191f9f7b9ccc4d6a3c4077b59659f4a1df3ebea747f4d338afa772eab2945d0454bb2b41321d33b0e0e8cf9e1c5ef8354145b396abf8