Malware Analysis Report

2025-01-02 05:17

Sample ID 231111-dp3f6ahc32
Target 553f349f995e93015d9d4edc04be5fee480e37c9b87f99ecf9e9857697d712ac
SHA256 553f349f995e93015d9d4edc04be5fee480e37c9b87f99ecf9e9857697d712ac
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

553f349f995e93015d9d4edc04be5fee480e37c9b87f99ecf9e9857697d712ac

Threat Level: Known bad

The file 553f349f995e93015d9d4edc04be5fee480e37c9b87f99ecf9e9857697d712ac was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Detected potential entity reuse from brand paypal.

AutoIT Executable

Suspicious use of SetThreadContext

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 03:11

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 03:11

Reported

2023-11-11 03:14

Platform

win10v2004-20231020-en

Max time kernel

151s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\553f349f995e93015d9d4edc04be5fee480e37c9b87f99ecf9e9857697d712ac.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\553f349f995e93015d9d4edc04be5fee480e37c9b87f99ecf9e9857697d712ac.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ed5Ik09.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2192 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\553f349f995e93015d9d4edc04be5fee480e37c9b87f99ecf9e9857697d712ac.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ed5Ik09.exe
PID 2192 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\553f349f995e93015d9d4edc04be5fee480e37c9b87f99ecf9e9857697d712ac.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ed5Ik09.exe
PID 2192 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\553f349f995e93015d9d4edc04be5fee480e37c9b87f99ecf9e9857697d712ac.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ed5Ik09.exe
PID 4060 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ed5Ik09.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe
PID 4060 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ed5Ik09.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe
PID 4060 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ed5Ik09.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe
PID 5084 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1380 wrote to memory of 2804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1380 wrote to memory of 2804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 4948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 4948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4684 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4684 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4532 wrote to memory of 3436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4532 wrote to memory of 3436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2440 wrote to memory of 3852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2440 wrote to memory of 3852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3604 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3604 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4152 wrote to memory of 3664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4152 wrote to memory of 3664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4528 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\553f349f995e93015d9d4edc04be5fee480e37c9b87f99ecf9e9857697d712ac.exe

"C:\Users\Admin\AppData\Local\Temp\553f349f995e93015d9d4edc04be5fee480e37c9b87f99ecf9e9857697d712ac.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ed5Ik09.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ed5Ik09.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7fff6d4646f8,0x7fff6d464708,0x7fff6d464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff6d4646f8,0x7fff6d464708,0x7fff6d464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x17c,0x180,0x184,0x158,0x188,0x7fff6d4646f8,0x7fff6d464708,0x7fff6d464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff6d4646f8,0x7fff6d464708,0x7fff6d464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff6d4646f8,0x7fff6d464708,0x7fff6d464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff6d4646f8,0x7fff6d464708,0x7fff6d464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff6d4646f8,0x7fff6d464708,0x7fff6d464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x140,0x148,0x7fff6d4646f8,0x7fff6d464708,0x7fff6d464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14792890306316316114,16554405513247715553,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14792890306316316114,16554405513247715553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,4069606465159801600,2211958282003335330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4069606465159801600,2211958282003335330,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,8908436877108451990,7758186315013715858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7887958501344192991,16683149434460399675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,16404746414833464746,2472852825135287551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,16404746414833464746,2472852825135287551,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8908436877108451990,7758186315013715858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14143347323720878032,14517393090140029884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14143347323720878032,14517393090140029884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff6d4646f8,0x7fff6d464708,0x7fff6d464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7887958501344192991,16683149434460399675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,6874960645506100576,16129983356770764217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6874960645506100576,16129983356770764217,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7fff6d4646f8,0x7fff6d464708,0x7fff6d464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2dX0677.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2dX0677.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3yn81cN.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3yn81cN.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 7352 -ip 7352

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,839460007352067531,754179138028244635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9764 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 157.240.5.35:443 www.facebook.com tcp
US 157.240.5.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 18.213.74.63:443 www.epicgames.com tcp
US 18.213.74.63:443 www.epicgames.com tcp
US 104.244.42.1:443 twitter.com tcp
US 104.244.42.1:443 twitter.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 1.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 63.74.213.18.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 104.244.42.197:443 t.co tcp
US 192.229.220.133:443 video.twimg.com tcp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 i.ytimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 22.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 121.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
NL 172.217.168.227:443 www.recaptcha.net udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 192.55.233.1:443 tcp
US 104.244.42.130:443 api.twitter.com tcp
US 104.244.42.130:443 api.twitter.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 c.paypal.com udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 172.217.168.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
US 8.8.8.8:53 226.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
JP 23.207.106.113:443 login.steampowered.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.138:443 jnn-pa.googleapis.com tcp
NL 142.250.179.138:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ed5Ik09.exe

MD5 80a1dd852c203cc1db0337d3441af8c1
SHA1 e4fc0023518a84d10b492313f3fe35e2c48988f9
SHA256 60b51d22f9245fa98ac633986fc2006a48208e723b04061b80676c4635d8f53a
SHA512 43acdc6578fea7c8f2444925bf60c3ea3fb12e3e67b19861398d057ac1df2e865e5ceb87b63d4b4dc200c5d4f2b2341fe48dd3f3ca0af7c65886413beed1fcdc

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ed5Ik09.exe

MD5 80a1dd852c203cc1db0337d3441af8c1
SHA1 e4fc0023518a84d10b492313f3fe35e2c48988f9
SHA256 60b51d22f9245fa98ac633986fc2006a48208e723b04061b80676c4635d8f53a
SHA512 43acdc6578fea7c8f2444925bf60c3ea3fb12e3e67b19861398d057ac1df2e865e5ceb87b63d4b4dc200c5d4f2b2341fe48dd3f3ca0af7c65886413beed1fcdc

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe

MD5 da2e32c284dc6260fdcd535bd9dce26b
SHA1 e080142e293a216a895783b1c5f14117a42ed3fb
SHA256 132ec0ccdd23ba8ce96cd808a53eeda936208b05c989011e7f4274a0a1fc6ee7
SHA512 716d6e7b1000bfd70893eaf28362cce1c2ed0a0ec217be9167939ea538b93cc23696af217a30541d6299092184d7d35d6623739a614fadca727693c12ccaa355

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1fG39HP8.exe

MD5 da2e32c284dc6260fdcd535bd9dce26b
SHA1 e080142e293a216a895783b1c5f14117a42ed3fb
SHA256 132ec0ccdd23ba8ce96cd808a53eeda936208b05c989011e7f4274a0a1fc6ee7
SHA512 716d6e7b1000bfd70893eaf28362cce1c2ed0a0ec217be9167939ea538b93cc23696af217a30541d6299092184d7d35d6623739a614fadca727693c12ccaa355

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_4528_YUVRQIJYADLYBABQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1380_FPEGIUUFLHQPZFLW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_4436_OUVWTHXIYNNOGKGG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_4684_OVGNZRPGFIDNLQVW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_3604_TMOFJBPUMRCFAIEH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2440_RBHYKRRWBTDHHDSX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4152_XXWRMIONNVOJIMAQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4532_XYUZMIFNWSLDDVXV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2dX0677.exe

MD5 bc1da3ce97bc524366b18f586f75e762
SHA1 9574606e705d5ec722171b645ab9a8375e766524
SHA256 0d2fea6da114705398bb091ed38096bc52a34a2928779d505aef1c6f28392666
SHA512 2599193a0cada61d84eb2e0a5a6f59a9ea8d16d81e37d9a79feb47ef5c3571e217265b961158e1838f1b8c303c03e0800aa9f74b8730e68b6d821ecd5981b8ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9521fd1186c88ca21a97f2c3ad876688
SHA1 21a2b65a80bcffe420cfa8dbed8455050a7d1ec2
SHA256 8853e182b86b15c57471f17ba3b85597489d0136fd6d28f08f28c389c64cd721
SHA512 c0cf641f5be86529b8a048fb71a779328b36d9c086417413bd476cf76efe76017df41d48b23ae621a63dc46b3d42d35e1ec90306afc1fc10ed87c38bf317209c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9521fd1186c88ca21a97f2c3ad876688
SHA1 21a2b65a80bcffe420cfa8dbed8455050a7d1ec2
SHA256 8853e182b86b15c57471f17ba3b85597489d0136fd6d28f08f28c389c64cd721
SHA512 c0cf641f5be86529b8a048fb71a779328b36d9c086417413bd476cf76efe76017df41d48b23ae621a63dc46b3d42d35e1ec90306afc1fc10ed87c38bf317209c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2dX0677.exe

MD5 bc1da3ce97bc524366b18f586f75e762
SHA1 9574606e705d5ec722171b645ab9a8375e766524
SHA256 0d2fea6da114705398bb091ed38096bc52a34a2928779d505aef1c6f28392666
SHA512 2599193a0cada61d84eb2e0a5a6f59a9ea8d16d81e37d9a79feb47ef5c3571e217265b961158e1838f1b8c303c03e0800aa9f74b8730e68b6d821ecd5981b8ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e747ef4d6fa689f4421840f5afe4c667
SHA1 2d1e8f78b3235d3318902f5f1a5c021a0b8c09c5
SHA256 6751a0b3e28d8ab125ff2b681fe0f66ea1073b3616709355b021503d294a5b1c
SHA512 884caedb0b9c2a17b9c6a12040dd22a4632f42e93a1234dcb1be6b94014e2daeb93364aeadf17debbc942e34e00a81f8977718c2794c16a819afe5ddcc5dc248

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\91974011-9d96-4104-a372-41561eec269e.tmp

MD5 35ea2141de06d055b2ba594c89809c27
SHA1 3bf1ddac8e8d2d71e990a736d3f050d609d93b0c
SHA256 99d237016dd79ad56819227fdc30a5aeb28f3998c0bb7de72d730b3d22eecf15
SHA512 e82f3a816a9b167d7e5fdfacc68d2e15a32b90b1a636a4c1084e079bb68ff12b9aa67c4987691da511e6516fbcab452cf20d045789d158d4553c4b577d82744d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e747ef4d6fa689f4421840f5afe4c667
SHA1 2d1e8f78b3235d3318902f5f1a5c021a0b8c09c5
SHA256 6751a0b3e28d8ab125ff2b681fe0f66ea1073b3616709355b021503d294a5b1c
SHA512 884caedb0b9c2a17b9c6a12040dd22a4632f42e93a1234dcb1be6b94014e2daeb93364aeadf17debbc942e34e00a81f8977718c2794c16a819afe5ddcc5dc248

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d15e9328ec87ca1c475f7b1f65c33079
SHA1 fee1bf77d5390c145148e10ae681574505aa6366
SHA256 43c16cfda346460178086355359b18c578f2228e9869181d7ffc9a8908422d5e
SHA512 3aebc289143f44b8516947b5f3198e25f960a53139a6b9c1c50463d07da1f4da9cdc51f9061162ade8dfdc6bfdbf9558cec45f158e7ee9f05a2fa991ca38f8b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2098f44b-2bca-44e0-bde5-d23e4513e688.tmp

MD5 a22a95d69da2ec4af258b6626b01b613
SHA1 ad14b98bd2f4a019f92f37d478f08c0b9d915b5a
SHA256 cf856b50db4089a5b0ba6e4c720b3821dd1225e2c9e88e3f8bd0a47efaf91875
SHA512 2280208e21012fae7ac8ad24de2dcea4c6239ad76501a282f9561c93fee4786bca611258e2fde86f2e901444b94cd338812fe460f4953c91fe109588cab410e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d15e9328ec87ca1c475f7b1f65c33079
SHA1 fee1bf77d5390c145148e10ae681574505aa6366
SHA256 43c16cfda346460178086355359b18c578f2228e9869181d7ffc9a8908422d5e
SHA512 3aebc289143f44b8516947b5f3198e25f960a53139a6b9c1c50463d07da1f4da9cdc51f9061162ade8dfdc6bfdbf9558cec45f158e7ee9f05a2fa991ca38f8b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0c33ee82efb4a2c77aa43fc8993d0e53
SHA1 2ee90600b5518e1a1c41c1b92295cbfbde39bfc6
SHA256 edb1009df487ccb20b84ee5c1bd39195c1e269f7984808f75632380401be2c52
SHA512 5bc9ea443a8bae546dd16351ae538f9b05bbd9028d41bfbde1bed9ec1b334956fc19b8066b8e79fc734f378125c86c6d69a86b0d20440fbb8e2bb9ccf79b2f01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e747ef4d6fa689f4421840f5afe4c667
SHA1 2d1e8f78b3235d3318902f5f1a5c021a0b8c09c5
SHA256 6751a0b3e28d8ab125ff2b681fe0f66ea1073b3616709355b021503d294a5b1c
SHA512 884caedb0b9c2a17b9c6a12040dd22a4632f42e93a1234dcb1be6b94014e2daeb93364aeadf17debbc942e34e00a81f8977718c2794c16a819afe5ddcc5dc248

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\32b97761-8d8d-4639-89aa-4b2fecd393ca.tmp

MD5 edf27b6c4cc70ec9bfc8641e8e64fb2c
SHA1 489dc4b02241a3ea358b2f44861320a3dc03da67
SHA256 27fa006a7091acb4b18bdb5eee3e001475a325b77a88bbfbec6aab9d41802707
SHA512 afc79a686880eea7b25f8d53cad9506da3c6ad32f614c1059c5dfd8c80f78fd9b2e5ef06e4ac50c6ec6c14c2deffdc8bc8b6882f252066f097f2359d69b3ab42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d15e9328ec87ca1c475f7b1f65c33079
SHA1 fee1bf77d5390c145148e10ae681574505aa6366
SHA256 43c16cfda346460178086355359b18c578f2228e9869181d7ffc9a8908422d5e
SHA512 3aebc289143f44b8516947b5f3198e25f960a53139a6b9c1c50463d07da1f4da9cdc51f9061162ade8dfdc6bfdbf9558cec45f158e7ee9f05a2fa991ca38f8b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\628f12c5-ead3-4c9f-ae70-8a0d73f9f7c4.tmp

MD5 0c33ee82efb4a2c77aa43fc8993d0e53
SHA1 2ee90600b5518e1a1c41c1b92295cbfbde39bfc6
SHA256 edb1009df487ccb20b84ee5c1bd39195c1e269f7984808f75632380401be2c52
SHA512 5bc9ea443a8bae546dd16351ae538f9b05bbd9028d41bfbde1bed9ec1b334956fc19b8066b8e79fc734f378125c86c6d69a86b0d20440fbb8e2bb9ccf79b2f01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d39c3c58bfb71e0e45a88053f424a123
SHA1 3b68dc9fad36a9c1ad4247705163589a1d882c3b
SHA256 a87f74d8c05ac1dc27e7ab71bad36db6989f480dbd74f42ecaffe37ec2d672fa
SHA512 fb03d6789146c229f7f364576d3e8dbbaaa2425b7b39087984891e07a90291afb6cda6e0e08a7d603fc93cd0d693f84b61b99466cb4a06e823ffdd829f998445

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 edf27b6c4cc70ec9bfc8641e8e64fb2c
SHA1 489dc4b02241a3ea358b2f44861320a3dc03da67
SHA256 27fa006a7091acb4b18bdb5eee3e001475a325b77a88bbfbec6aab9d41802707
SHA512 afc79a686880eea7b25f8d53cad9506da3c6ad32f614c1059c5dfd8c80f78fd9b2e5ef06e4ac50c6ec6c14c2deffdc8bc8b6882f252066f097f2359d69b3ab42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 35ea2141de06d055b2ba594c89809c27
SHA1 3bf1ddac8e8d2d71e990a736d3f050d609d93b0c
SHA256 99d237016dd79ad56819227fdc30a5aeb28f3998c0bb7de72d730b3d22eecf15
SHA512 e82f3a816a9b167d7e5fdfacc68d2e15a32b90b1a636a4c1084e079bb68ff12b9aa67c4987691da511e6516fbcab452cf20d045789d158d4553c4b577d82744d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9521fd1186c88ca21a97f2c3ad876688
SHA1 21a2b65a80bcffe420cfa8dbed8455050a7d1ec2
SHA256 8853e182b86b15c57471f17ba3b85597489d0136fd6d28f08f28c389c64cd721
SHA512 c0cf641f5be86529b8a048fb71a779328b36d9c086417413bd476cf76efe76017df41d48b23ae621a63dc46b3d42d35e1ec90306afc1fc10ed87c38bf317209c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8c605ffe-089d-4dae-a69c-e14be908f85b.tmp

MD5 2af091a3c054d7e417c6d92f3b0d4b20
SHA1 b547118b82fb9b84619a03b99fbf5112ccfebbbc
SHA256 3751664516e9f73a6421d4287773b7c4ac077998beb3d783524262fe292efced
SHA512 77da4692321b1f41654dd58e913902a581a4702b8df6e218edf0c5c7f1a50cb44c1c6ed766339bb423681b60378156d97335a97754d8ea840b324c5edce671b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a22a95d69da2ec4af258b6626b01b613
SHA1 ad14b98bd2f4a019f92f37d478f08c0b9d915b5a
SHA256 cf856b50db4089a5b0ba6e4c720b3821dd1225e2c9e88e3f8bd0a47efaf91875
SHA512 2280208e21012fae7ac8ad24de2dcea4c6239ad76501a282f9561c93fee4786bca611258e2fde86f2e901444b94cd338812fe460f4953c91fe109588cab410e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1f3c9251eb229bf83b03b9aa094b33b6
SHA1 10d4c907b473b99ad51c44c6f257f98ff2e9c250
SHA256 b8e8e2b8150f44e341f8540050bef84a431e59f44b0921f075ca6f8348a8a6dd
SHA512 edb9351834fdb7df68ae1f51ef8b26a5aa170f0396097c21564e2858e1d79559ac2aa6d71959242ff32899ac743143295a8539bd29ed242f40fd40babb4f327e

memory/7352-362-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7352-363-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7352-364-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7352-367-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 618d941f998c1e712bfeedd77efb5f6c
SHA1 6b436ba0ef9861d5e34aa52f119a0c176cbf5642
SHA256 7a692f86cb80e71652b93e97ed659487bc93a744f8e33f7cca86ba6f73c4966b
SHA512 82f5e0fdea69a76c9f1e4c288755c5dd6ef46d5d2048d0dfb289a74bd07fa4e37d00324fb91c13ddf4b0b40e2af087173bed9293093e4be4ef5cfdbc4d979f70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 fd20981c7184673929dfcab50885629b
SHA1 14c2437aad662b119689008273844bac535f946c
SHA256 28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22
SHA512 b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

memory/8052-550-0x0000000000400000-0x000000000043C000-memory.dmp

memory/8052-551-0x00000000740E0000-0x0000000074890000-memory.dmp

memory/8052-555-0x00000000080F0000-0x0000000008694000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

memory/8052-566-0x0000000007BE0000-0x0000000007C72000-memory.dmp

memory/8052-571-0x0000000007D80000-0x0000000007D90000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

memory/8052-582-0x0000000007C80000-0x0000000007C8A000-memory.dmp

memory/8052-598-0x0000000008CC0000-0x00000000092D8000-memory.dmp

memory/8052-601-0x0000000007F90000-0x000000000809A000-memory.dmp

memory/8052-635-0x0000000007D60000-0x0000000007D72000-memory.dmp

memory/8052-654-0x0000000007EC0000-0x0000000007EFC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/8052-701-0x0000000007F00000-0x0000000007F4C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6bec23e3496d0b51d3ec6c0143a9394c
SHA1 46e54c52417b75ec3a941f3e9b8e93329a6dd5f7
SHA256 8bd941f19fe397497282c41c31c8219b258aed4dc78b745165de8230a8013064
SHA512 b84837cfe2bbbcae421453b89808804b436a5c3482971ecee83ccab7ede06a64b6194a6eef1ea899713b81c1d3f769b94d7f6686171a57d49a116dd9046345ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aed75935350e0be7a22759250cf27c26
SHA1 00c73e3b36b3d7c794ccf61ef9b05a217481b0a6
SHA256 ec85b0dd11eef110779b81bd96631f575b8927c95fd12d56c18ccf30a20e8306
SHA512 523b230433a918c68d6b83832ddb5ca9a0c5ee24f9e7f30aea9b4659582d9195b2e9dff1f8537541e9a69f16c39bd21ad12c339a53ee12a48c926b0f6ae5ec61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a469.TMP

MD5 75f1d53db3f20450c05ef3369c6e7a84
SHA1 1319e879120adafe63f2e37804b2bc0663b1b9f6
SHA256 fdb612c0af9edd8a768a1ccfc92d77bc13fb208e3dbbdd1e6f4d4cace03a6a92
SHA512 fd4e6e584d4f9385636840dbd1030692d25ba26d97b7a4518eff9dd2e9768fc0e3326eea4386c889866ced9c36e1ec3f1dd47b60129990e11c527c8dcb99f6f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fd0ce9e35ff9d7bb019c8a1272f06d03
SHA1 8d6b3f1ba6ba631b8da6a55bbfbdfad4a1fea1f9
SHA256 326a7339a85b5d0613eaad863e5e25672a36f8dd0fbf8edfbbae1cd7068d7b7c
SHA512 ece0279044c1cc201e72ad489a73e82b639d62f66a37105487fd7a4e02b805728d4ca135257e5d6094ffaafcf9eb9cd7675f6aee0260f065c7e0e8f16363dc89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\40120d3d-fcaf-42dd-b6c2-bb924f88421c\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 ae1c62dfddfd181abecdeba33b42f388
SHA1 0be67b6aa0eabebcf35655c7e0c5dc6f38c979ef
SHA256 399b2daafadcdd11db9382c786215d6bbafbdeffef43dbb1ab20fa1f5f46dcf9
SHA512 524119e6fd8a5aae0a45928040d9c8d4bdb27cd16d532c13a37b2596459d1a43f2062bf28139523fd18f7cbbbc8239d3a7eafaf8fa4f8bd74be79003b9222d7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe58bbaa.TMP

MD5 985155784820c57eac7da1ffd5f19397
SHA1 0a3d6e869f3b8f5b2841840cfdd9cea6a82d28ed
SHA256 7bec092ed7dfead62284c10bf4319e9e3a2373cb152546798003a42ad92ce91f
SHA512 378e143cf759a28393f240099895871b9c1934049e1f82ae0d0b2c1ab18d38f4cc7a2a349941f235be61d3176a8d19bcac356b2d2989cd6fd154e73e62a22145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58bbaa.TMP

MD5 1aaf2187e011133a1724702c237b9d93
SHA1 74ef8c31fbe25d117c2ce6d50654d9878c08537c
SHA256 ea1b6b75ca3ce92eee1cc844e2222854d1dfe3a1ac7b3bdf40d9a71ad232d4e0
SHA512 b6aa0383b2df342cb5406449b10c2c200f097d5dff6922b6b95a884f6a0a3bebe5a533f200404f364d9fb5544bc028da1931c1cee9a6bc2f2398e21fcbf09137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae4ee72d9c7e8a94dbc9fa92a7c80ccf
SHA1 773bed1af283037a1a98f0fc863947e56962969d
SHA256 841e56e90ee9f10f984719a6d02465f8445d031c95f0c7f90a10c0d1c65e415e
SHA512 c9f5e80958fc3b3330d35046e2ec119b030c211e3d3576d53bbf35b79ad319bdb4897c91d13b9d1f60236db1718d30e56210c8a72b85f2fb4220d194aec087f0

memory/8052-862-0x00000000740E0000-0x0000000074890000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 808654d14334c842d816e8c0eae79134
SHA1 63dee4972efdf5328a5b1c0b1eecf28203b25112
SHA256 7e5a6cd22e6a4f0e46437bada5c63b67f1b7070878e91d2b51b77719dea9b70e
SHA512 1281f38a47fa7f788a39ce203b4086782bbe193a29ff95148196394cf0a92b5e642504a69443425bebe294771d83eef0cfc07795200b719cd6ddaefb5db71b2f

memory/8052-875-0x0000000007D80000-0x0000000007D90000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6628039482ba6ce2e404c3767aae01a9
SHA1 231f5d91b4dd9c5137ed8aff32749a42399c9358
SHA256 edeb713742f3b7ba6e95ba4fe0e00f76560578fb585c6d37dcee21a808ce5056
SHA512 a4fb10f1ebc02b81396f8b49577c9411510d73bb7ff197e37b44339357e4a2b2212e147bdcb8d09a423f8ae05b1d55a5ef2163922229be15b05c4c9dd369466b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 7071812e4c555caa2c5748afa8113ab2
SHA1 8d5235d041fdb9d3c1d5d449ef3d9e207d6f6b6a
SHA256 6d0724ac98ebf92124c25a732ff214044f3e6f21b1c2d5de1391dc9395bd1422
SHA512 4475af4cd3238d874cfbb87070d7428f8306217a2e8aab6852f83fa725b8c2a4177cd08477c065b2750e8fa6464d92287b75641a7575224e865294ff0a3aabdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f865.TMP

MD5 32a99b01f86f9ea61490ea5230eec0a9
SHA1 f46ad05110d490ae5f4d277be833ee24e1eac222
SHA256 911bb111aa2390ce9d6d83fbbd7d74ff849c8cd4bb348bfcb49ac04b5c8d1171
SHA512 25d8b4d3efb09033ad05cfec94121423fff79b807f7c36411c35188ec549dd7d2845b553bd63922ebcc20a349dab5837d0e378c4df17816c5561f91953336922

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 47598f830c4f543c8d01d2b82fb3c5ea
SHA1 cae5dda0e9dfb216253eadfcf5aa5d4a9eda7afe
SHA256 a51bd79a6539923a5255b5cdbdebf547f8a4f4d9ea09dabb5c54b79614581f23
SHA512 b095e0c322b15f3078222ef9ec92199b6146b72bd7e22597a7967fcca2ff7e32b6770211f373e25de7c1de25074e695c2e680a01ab3ba4f6822f6e1446170bc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0693dff0c47309b7572fa9e8ec4d3020
SHA1 c420f3fe88b25b7690d6fb1d26211d8840138261
SHA256 92de9ab394b5406938a82d29b55b63174632534e5b71582b2cf2c25a9fa03ee9
SHA512 902a1af0d31e03c91b69cf4f2d704872e943387b2b8c19ee6773abd124804d4b55e332015abd579299e3e5f7e05f03a12680f66bf7ccbba90a341a2186f3662d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 de73942aa43d1eff38418a27d6d30af3
SHA1 87a12c841716ca603b9572f7873a752dbaee004e
SHA256 cd6b73d2059349bda18d47e5bd393ee297757881b386e809993fb66afa11ce3c
SHA512 3b1178f9c8f0528ad073edb20251bc484b0d5eb0d1bf7d17a30af9d13eedece3a44c2390a7d9fb31a827f2c892460d983f9257766622011392c9a83d2c609eae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c2d4df4bd20c9d215ac35e7a191d12e1
SHA1 47b13ee28b6abda91b43b6929a461c49eed1af80
SHA256 75e9e2f0a70280120a16cd917fefbb0aa89feb400ff46fed05232ef13510fd40
SHA512 081a7fd03607e028afa8516cb4262fb99995bd9c5b5982ae1b9636f05606f89a6b5fbf4fd0512f5845144b60875bb2586f0bf2e48f6bb619c7ddabc870b8e042

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 327f2f8c756d6418ec26a69a0e9da86e
SHA1 67d6fc831e5510ea87e3a1337b8fb00522b188f8
SHA256 e9ccde9cf76e5155cc49c8b1a489dc6df1ef830b14086ca58b8b2a5b579926f7
SHA512 5c766e63633324c3a667d06fbf827193064f3eb020e6356c394ee78855acbe9a3651061bed0c7ed00f34b36d6262fb46ba64b1356716478b90716924aae4ed0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7febbb6bc2be308e88628b960c1e021e
SHA1 88b987452407972e7aa30a988e2a3ca89a3be917
SHA256 545afce89bcdff79408f15dae024562e92ad148f7ea6fbda08519c13c00cf1c7
SHA512 6d8369dc09d96690197cce9f024d8bc27915e983b5af98948aede985c3bf1a10f7c8f4f4abc273b8136502cdf63c9ae34479d323826ecaf719fd58ae032566dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a1c9afb1-185d-4fcc-8e6f-19661fe5f0ac\index-dir\the-real-index

MD5 522fe9c1e68f745fc79d39af300e207f
SHA1 50448d0d1c125d5017d3fdab256bbff5cc6f6d70
SHA256 a3a72ed40e12ebe67657c624ca71c492d70171f985c3e0d75b669f1e2bd9c4e0
SHA512 a90450fdfe704a3d004e166df885c0e6ba3e91fc4ed999fa13d8afcabc4cf6dffdd7d504ac791f059cf718b57d836dab36990ac404b6b9cbc32f425acb46608b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a1c9afb1-185d-4fcc-8e6f-19661fe5f0ac\index-dir\the-real-index~RFe595395.TMP

MD5 416b0c4924327ba9802e7c418a09d9c6
SHA1 678aef86b6490b8c251329f39daac6d97e97bcb8
SHA256 d24e089851d41e1548d86c5f8e4fa94d478106aa24b5b410e3e220f5a91086e6
SHA512 74208a905220e408bb82bb720a51f9c999c076e70873d42f4679b6b23e698898cafadefa8d84b4ca6866154f065440c85b02716da69dfa0ad5d43400eb05da13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2189e8e3ef7a4ae64a8eaacec31d5061
SHA1 982eafdfee920aac550f7c88ebc05e3d302c8663
SHA256 1e1f711bcf6f3f73b91fc2128a4381023babd5c7a4b613fda83b8c93fe05d71f
SHA512 111d33dbe8387561eae03c9ebdea71a9d9a1a6074dbc2e7e7bdbcffb56bac9a115cd46579f7478962da1628862390ba26447b19d5a73a9f389b04799f1044899

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\426e9fd8-f47c-4f5a-8c27-2a5ca4467ff6\index-dir\the-real-index~RFe597f29.TMP

MD5 5444ac8e7fd14d9d393e9e7be1bb7a5f
SHA1 12b7744dc5b6d82972adff19f008fb4f3abf0fb0
SHA256 c55b02bf1c4eb16487a9781ed331a83caaf57dbf601a196625d2756e33d89205
SHA512 1fe53be4bede2240c10f0fef5f5833c6aa115ba9bfef0a2f0ee15800463fdbd75a89e9ff15e503a797449d83616e02e423058cae969f45fb9d4f82e83ba8f10c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 89f5a3ed4952a6364bd852cf4c6cbf6e
SHA1 37b50ea521ac5a7942081399b536c32b554fabfd
SHA256 b0792a3367c23dc1972604430d2d70d65aeb488f0e811abc2f40b1743449103a
SHA512 e00b15a2238d62c9f38f0956cf8e9ff13eb74eeb90bc4faec9d39c60171a10ac42f74edc772d05fab26618e7e8de75ca2c6b35ff523dde925257e2fb42db46c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7a51f7d2ba5b02c28669e619a046e735
SHA1 c11756801fa179fa16e9f5e06e57702ada98368f
SHA256 93d233e48b0f15238783227bb381b1c45fcfa2e0435fc69f3f05e7001962f945
SHA512 0a0b80aaa87e6b6599b4e850401f9315988e6d4db46ca60fb8b5f0edbb0ae243aa0f33ee99f8a7b97a94799c4e9ba836f4210e1a4df462a3fbe1ea6f47a43e63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\426e9fd8-f47c-4f5a-8c27-2a5ca4467ff6\index-dir\the-real-index

MD5 841fb0c7f5f5678cc111678fdedff6e9
SHA1 7ee45a519499dad6c18ed217e0416c1ac06e15ad
SHA256 434389a76e6629d3089db10822b2665c4784981eddcc786bf9b33d389a51c38b
SHA512 0bbeeda9e7dde05caf1b8fc75b5cedebe57b53d118c5b6e6e0a7ad4714a9e9f6714098a226654a5ad6398c90bd24e86d029c89f37dbe9659508db9b0ea638d13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a44af568063b30c6e3259e1fa02ff64d
SHA1 1b9f03a5af809f54498f0c81faacb8dc49589ebc
SHA256 fc5f826a908e56f4097673a59e09b8c8b5459d9d2c1a328ed85a4c972439af7e
SHA512 9235a751e0045d0516e718083671e7115f85e3b9090a731beca643b4f3ba497efc285bb67f28acce45240b31015e786b357ed6cd962976d208e0541eb5419948

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1fe54460b4200f0b2e6add2a8892993f
SHA1 2debced5b2174f2f9c0c20e1fa73c5f84a3504f3
SHA256 9f0f45fad3f75f35a70a893176ddbda9dbc4e7e039459a0c1921790a152f11c4
SHA512 50cdb27cf9cad145a5e961330122fdab72f35f0eeb7eb58917533e5020afae8cbc3d5e434ff8a3a81aa4ea33e37200c23ebde0d101cd5453ce101adac7081531

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5d088dccf59d4e741754c7a1b8bae424
SHA1 59729034c9adfe3bdd64d4984998d3d515ade37d
SHA256 f17af4f5b298a62d3980e21c621e1992db286d985a5d7e2af2ed860ee9d8e3cf
SHA512 d09cff14224f0d4f0863ac26279c7528552270004e5b348ad6ffc216e1e1087f4ea240633e57725c22ea9eab2c716f86829a5c7a5035afebc16e465957d5d4a6