Malware Analysis Report

2025-01-02 05:17

Sample ID 231111-e6ebbsbf38
Target e80e4142f4e69d518e1ab2184a0292ab959456b7310d391d702c81a335c5bfc3
SHA256 e80e4142f4e69d518e1ab2184a0292ab959456b7310d391d702c81a335c5bfc3
Tags
mystic redline taiga infostealer persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e80e4142f4e69d518e1ab2184a0292ab959456b7310d391d702c81a335c5bfc3

Threat Level: Known bad

The file e80e4142f4e69d518e1ab2184a0292ab959456b7310d391d702c81a335c5bfc3 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence spyware stealer

RedLine

RedLine payload

Detect Mystic stealer payload

Mystic

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 04:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 04:32

Reported

2023-11-11 04:35

Platform

win10v2004-20231023-en

Max time kernel

151s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e80e4142f4e69d518e1ab2184a0292ab959456b7310d391d702c81a335c5bfc3.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\e80e4142f4e69d518e1ab2184a0292ab959456b7310d391d702c81a335c5bfc3.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rq1tF01.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qS5ls00.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3572 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\e80e4142f4e69d518e1ab2184a0292ab959456b7310d391d702c81a335c5bfc3.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rq1tF01.exe
PID 3572 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\e80e4142f4e69d518e1ab2184a0292ab959456b7310d391d702c81a335c5bfc3.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rq1tF01.exe
PID 3572 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\e80e4142f4e69d518e1ab2184a0292ab959456b7310d391d702c81a335c5bfc3.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rq1tF01.exe
PID 3084 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rq1tF01.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qS5ls00.exe
PID 3084 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rq1tF01.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qS5ls00.exe
PID 3084 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rq1tF01.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qS5ls00.exe
PID 4260 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qS5ls00.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe
PID 4260 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qS5ls00.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe
PID 4260 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qS5ls00.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe
PID 3612 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1668 wrote to memory of 4020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1668 wrote to memory of 4020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1628 wrote to memory of 3860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1628 wrote to memory of 3860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4012 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\e80e4142f4e69d518e1ab2184a0292ab959456b7310d391d702c81a335c5bfc3.exe

"C:\Users\Admin\AppData\Local\Temp\e80e4142f4e69d518e1ab2184a0292ab959456b7310d391d702c81a335c5bfc3.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rq1tF01.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rq1tF01.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qS5ls00.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qS5ls00.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffc708b46f8,0x7ffc708b4708,0x7ffc708b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc708b46f8,0x7ffc708b4708,0x7ffc708b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc708b46f8,0x7ffc708b4708,0x7ffc708b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x17c,0x180,0x184,0x158,0x188,0x7ffc708b46f8,0x7ffc708b4708,0x7ffc708b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x40,0x7ffc708b46f8,0x7ffc708b4708,0x7ffc708b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12470972584119920904,16007509336970810489,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,12470972584119920904,16007509336970810489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc708b46f8,0x7ffc708b4708,0x7ffc708b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,6199685796812066270,2260421341738534406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,16073561000197109422,13375806760461586031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc708b46f8,0x7ffc708b4708,0x7ffc708b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc708b46f8,0x7ffc708b4708,0x7ffc708b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc708b46f8,0x7ffc708b4708,0x7ffc708b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffc708b46f8,0x7ffc708b4708,0x7ffc708b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4QW3gE9.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4QW3gE9.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7792 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5zG48OX.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5zG48OX.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 5788 -ip 5788

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6lq312.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6lq312.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8120 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,3839855539450144822,16577848694504187482,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6136 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 twitter.com udp
NL 157.240.201.35:443 www.facebook.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.epicgames.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 184.73.197.72:443 www.epicgames.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 72.197.73.184.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 104.244.42.69:443 t.co tcp
US 68.232.34.217:443 video.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.22:443 i.ytimg.com tcp
US 8.8.8.8:53 22.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
NL 172.217.168.227:443 www.recaptcha.net udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 138.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
NL 142.251.39.98:443 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
DE 172.217.23.202:443 jnn-pa.googleapis.com tcp
DE 172.217.23.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 122.10.44.20.in-addr.arpa udp
US 8.8.8.8:53 udp
US 172.67.209.38:80 tcp
US 172.67.209.38:80 tcp
US 8.8.8.8:53 udp
US 172.67.209.38:80 tcp
US 172.67.209.38:80 tcp
NL 142.251.39.98:443 udp
US 172.67.209.38:80 tcp
US 8.8.8.8:53 udp
US 172.67.209.38:80 tcp
US 172.67.209.38:80 tcp
US 172.67.209.38:80 tcp
US 172.67.209.38:80 tcp
US 172.67.209.38:80 tcp
US 8.8.8.8:53 udp
US 172.67.209.38:80 tcp
US 172.67.209.38:80 tcp
US 172.67.209.38:80 tcp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rq1tF01.exe

MD5 930850a16e9a51a4eda252720bc2a51f
SHA1 99bde66331b7515954bea44e9109a53d77557cf5
SHA256 e82c3aacc5713abbd5e65434c8118011d3d9a41389ca8d261954120006e2b150
SHA512 8a14cf845084aaf046555cc5f30790d46ea58a3350d45d2c4c736cdfb0719cda5d5bfe27e154d59b8112af62618fa230dfbd7dd43676972e7474fe576c2790eb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rq1tF01.exe

MD5 930850a16e9a51a4eda252720bc2a51f
SHA1 99bde66331b7515954bea44e9109a53d77557cf5
SHA256 e82c3aacc5713abbd5e65434c8118011d3d9a41389ca8d261954120006e2b150
SHA512 8a14cf845084aaf046555cc5f30790d46ea58a3350d45d2c4c736cdfb0719cda5d5bfe27e154d59b8112af62618fa230dfbd7dd43676972e7474fe576c2790eb

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qS5ls00.exe

MD5 f5401bdfa48f356f2588b957e38c7a60
SHA1 ce96bc1f973ca3d0edfdb08d8a01e2a31efd2b74
SHA256 df260a670133ad0247b2b1fa0ba2aefbd39e58fd02ae8e6a7d75b10c500ff9e3
SHA512 404bc496d49a3366fe35bc270ace39d072ae87ec6906807d0f83cc601565a7c8f06fdb21163b6381af9df92f5df206d2b8fbf4b031e924b1ad6f31909b16cbf2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qS5ls00.exe

MD5 f5401bdfa48f356f2588b957e38c7a60
SHA1 ce96bc1f973ca3d0edfdb08d8a01e2a31efd2b74
SHA256 df260a670133ad0247b2b1fa0ba2aefbd39e58fd02ae8e6a7d75b10c500ff9e3
SHA512 404bc496d49a3366fe35bc270ace39d072ae87ec6906807d0f83cc601565a7c8f06fdb21163b6381af9df92f5df206d2b8fbf4b031e924b1ad6f31909b16cbf2

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe

MD5 990878202cbe6762304c169e78829390
SHA1 ca2ef976ec0e9e774f3fb7a69a171b12070ba2c8
SHA256 47fe839a41da59acc75d812a4303635f8c709e1dc106e6fe765a786159b8479a
SHA512 b207752d26419ccdebb371b0cdb6b9294a5a1cb7bec84df574a3e5cd591aa5378fdd368dc9b1e894dd2d771c41f6508825c3bd0e2cb3da4e64a6a99cccfdaccf

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UA947pJ.exe

MD5 990878202cbe6762304c169e78829390
SHA1 ca2ef976ec0e9e774f3fb7a69a171b12070ba2c8
SHA256 47fe839a41da59acc75d812a4303635f8c709e1dc106e6fe765a786159b8479a
SHA512 b207752d26419ccdebb371b0cdb6b9294a5a1cb7bec84df574a3e5cd591aa5378fdd368dc9b1e894dd2d771c41f6508825c3bd0e2cb3da4e64a6a99cccfdaccf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

\??\pipe\LOCAL\crashpad_4012_ZHCKXTAFRJCBVHXM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1668_UNSZTLIMZAJNGHKI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\31b974dc-c510-431f-b725-79bb5ea5e379.tmp

MD5 85c11d47723e6cbe2633756573b118f2
SHA1 0d628606879da42d241938d70a7b160b0b6c5833
SHA256 a28d50e118920956831b7f11f46de3352ad2b5e90f823c3e4e9ba57dac5c7dd3
SHA512 4a0b52b2d3a9005f82a5dad0618a85c38f08b87833ce85baa2fbd319e73c11431d8dde7d57220a590dd5b7d6552b6c41f9a019f9bec9c655ea3eca6221082eaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bc10413683077da51ec669830061b459
SHA1 491fc452902305e660494dade8022c1a81e477ec
SHA256 04c7340f0430fdd83c2d0390905c7d10af54b57acfdf6c47d435ce7d02a5330d
SHA512 ec0f9dfa99310915035483cfaca0f96802d288b29cb01e1d2bc910067c039c4da80d31a576ea1ecefb39e434e901765ea037303ac7e2d4c5e46849f30f06042c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bc10413683077da51ec669830061b459
SHA1 491fc452902305e660494dade8022c1a81e477ec
SHA256 04c7340f0430fdd83c2d0390905c7d10af54b57acfdf6c47d435ce7d02a5330d
SHA512 ec0f9dfa99310915035483cfaca0f96802d288b29cb01e1d2bc910067c039c4da80d31a576ea1ecefb39e434e901765ea037303ac7e2d4c5e46849f30f06042c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bc10413683077da51ec669830061b459
SHA1 491fc452902305e660494dade8022c1a81e477ec
SHA256 04c7340f0430fdd83c2d0390905c7d10af54b57acfdf6c47d435ce7d02a5330d
SHA512 ec0f9dfa99310915035483cfaca0f96802d288b29cb01e1d2bc910067c039c4da80d31a576ea1ecefb39e434e901765ea037303ac7e2d4c5e46849f30f06042c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d475af7063987081960e3ffbdea69131
SHA1 5922a78442a3269eee55dbbc32cb66388ecab1db
SHA256 92b6efeade6789c13c347ec643f94fd4de24e7b1574d906e28a1df48438b5829
SHA512 29a084ebe66bfcea9a1f55956cdb4eee89f8da7b0147d312e200cdc4e551cea887deede2370cfbb7ef54c866e8d9a2b53c98dd497d33e0795255e357a37ee585

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d475af7063987081960e3ffbdea69131
SHA1 5922a78442a3269eee55dbbc32cb66388ecab1db
SHA256 92b6efeade6789c13c347ec643f94fd4de24e7b1574d906e28a1df48438b5829
SHA512 29a084ebe66bfcea9a1f55956cdb4eee89f8da7b0147d312e200cdc4e551cea887deede2370cfbb7ef54c866e8d9a2b53c98dd497d33e0795255e357a37ee585

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 85c11d47723e6cbe2633756573b118f2
SHA1 0d628606879da42d241938d70a7b160b0b6c5833
SHA256 a28d50e118920956831b7f11f46de3352ad2b5e90f823c3e4e9ba57dac5c7dd3
SHA512 4a0b52b2d3a9005f82a5dad0618a85c38f08b87833ce85baa2fbd319e73c11431d8dde7d57220a590dd5b7d6552b6c41f9a019f9bec9c655ea3eca6221082eaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aff5c1710beeaa5eff77b30ba8478619
SHA1 2caa70c790b13aefa12421858fb107be41f4f992
SHA256 056a5dbd9a389f76a13ddcecb195de37be32c3dedd19d3de2feb01d8dc00d397
SHA512 50494a7f5e7f11f21f4a4d7d53e589f9d75cf98a3376708e954f47ad8a2be9f2ba09fcf687411cff743c1c5ceab77f7de5db5bf32647d594cbf2f56f711c4fd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4QW3gE9.exe

MD5 bb440607323e7ed78320c679f0cc5034
SHA1 aa4c380d9fa2afed1557cbeea98f384285f8daf6
SHA256 9187a5b43fb0b5490be6d4858206056a67f7cbe5899619711536a450fbdd31de
SHA512 aeca879fc997d5c772749acd3c0c0505ed78d4c3eb10baca497f225d437caed36ea8eeb391b2a868ca3f1df37d158f66f6427e98ae27ce2ef6cc3d6b76ac74e8

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4QW3gE9.exe

MD5 bb440607323e7ed78320c679f0cc5034
SHA1 aa4c380d9fa2afed1557cbeea98f384285f8daf6
SHA256 9187a5b43fb0b5490be6d4858206056a67f7cbe5899619711536a450fbdd31de
SHA512 aeca879fc997d5c772749acd3c0c0505ed78d4c3eb10baca497f225d437caed36ea8eeb391b2a868ca3f1df37d158f66f6427e98ae27ce2ef6cc3d6b76ac74e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bef59874a55ec9f1a4980f1c5120a222
SHA1 4889cd148f3d8f50c2975948a6562d86f9e53532
SHA256 585c552fa17fa87d168a12b64b866862934fa7858ac38c77e18e3f92c3e2dc8e
SHA512 4ff3f2e59b17b2e99489e735c3ab792a0c22ae6068af4fe57d524b61e300f79ef04223a7aefa04c4a6996245b9fea83c07d03c79dfd26f49fc56c7bbb3602c86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d475af7063987081960e3ffbdea69131
SHA1 5922a78442a3269eee55dbbc32cb66388ecab1db
SHA256 92b6efeade6789c13c347ec643f94fd4de24e7b1574d906e28a1df48438b5829
SHA512 29a084ebe66bfcea9a1f55956cdb4eee89f8da7b0147d312e200cdc4e551cea887deede2370cfbb7ef54c866e8d9a2b53c98dd497d33e0795255e357a37ee585

\??\pipe\LOCAL\crashpad_412_YFZOSEFTXJAWKCQF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 376229141a31d203242b439865728a8e
SHA1 7a4cd2473e5cff3fee4407d024181e1ec6f78832
SHA256 cf40bf78512690d709df411e4cf7f413521e26e02e832f8ad9fc7eb0906d1d47
SHA512 a87406aa4d0add08c97a8791a5bd2983d209aca16697ec79a2e68e4d2e04acc99b688a5539183f4db1fa8bb0c9c70861562d3b935e338938f77479c159e731b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 f1881400134252667af6731236741098
SHA1 6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458
SHA256 d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75
SHA512 18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/5788-294-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5788-295-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5zG48OX.exe

MD5 87a91599f93746d250128f9467be6ec9
SHA1 fd6de84f4d0e2f138612eb08f4f69526220d62a5
SHA256 a5f91025382edb94d1c3b9b464b9966741458cecc2b301d00138b9870ec10ba5
SHA512 8a6eb765001b7a3f423165c02f29ecebd41d82b3d030459532f13258d9c867a6cdd64d9642a0734a273040d9bd0e45056a1ea9102213cb3fdbe71d1d8dcdd840

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5zG48OX.exe

MD5 87a91599f93746d250128f9467be6ec9
SHA1 fd6de84f4d0e2f138612eb08f4f69526220d62a5
SHA256 a5f91025382edb94d1c3b9b464b9966741458cecc2b301d00138b9870ec10ba5
SHA512 8a6eb765001b7a3f423165c02f29ecebd41d82b3d030459532f13258d9c867a6cdd64d9642a0734a273040d9bd0e45056a1ea9102213cb3fdbe71d1d8dcdd840

memory/5788-298-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5788-296-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

\??\pipe\LOCAL\crashpad_4916_WUSWQZJIBUOOGOPA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bcc6772471faf3265c0e054e96eb9e72
SHA1 8a46346b3058b2b39bc60f88a66e519ced988505
SHA256 272a1d9274519489fc401f86fcaa8305d8492b667b4c749e9f0b072c566ead3b
SHA512 560af1e6b63647df18fc259479e7734975eaffc043ba30119f81dfc9e732767f3a56264b0b782cca782d7aadc431b9c685273c4bba833213bf07153529b4a029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5857ef.TMP

MD5 ebe65d4eb57023a0c966c82f05474b67
SHA1 717627fbd95ee77700875c56aa1a51c43b8fb98b
SHA256 1b7d7f136a76289e13fa9ca3f464545136849dcafa2b9ea0951a491125efcc2a
SHA512 d7cb7d318491a97366516d6c5330eb2731448851c072749592e655666c8cbb3cc8498ec85e811996e48034e142c0ca21834f8ef7187742bb0b0eb10ba210382b

memory/6872-476-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6lq312.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6lq312.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

memory/6872-480-0x00000000741A0000-0x0000000074950000-memory.dmp

memory/6872-481-0x00000000078A0000-0x0000000007E44000-memory.dmp

memory/6872-482-0x0000000007390000-0x0000000007422000-memory.dmp

memory/6872-483-0x00000000074F0000-0x0000000007500000-memory.dmp

memory/6872-484-0x0000000007380000-0x000000000738A000-memory.dmp

memory/6872-490-0x0000000008470000-0x0000000008A88000-memory.dmp

memory/6872-491-0x0000000007710000-0x000000000781A000-memory.dmp

memory/6872-492-0x0000000007600000-0x0000000007612000-memory.dmp

memory/6872-506-0x0000000007660000-0x000000000769C000-memory.dmp

memory/6872-526-0x00000000076A0000-0x00000000076EC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 687b9b8dcc110f75fbda7976c2a5ad3c
SHA1 8365c7cfb6d4cb8671f83f8bf2c37961afdf3b00
SHA256 b1fc570443e35bdbc0e69e246569f98e8c49de3c5de22ab1967a86e932a3eb59
SHA512 3efeaf493a20eae60df776b203d8006a040f16604988c7e66129d40679bdfc7a8ad99ff2d3977639412c44b30d61c496c4a2f0228b1655805f36f22cfebd4473

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9692f524842bb4a35445c990ea27bbd4
SHA1 96cd435a4f530bf5f8ce12faed1c9b4aae97ad6a
SHA256 286836195f974e0e47e90753860da3246e1e3148952fa7a26d6912579727eda7
SHA512 3bd8a93a1cdf59e3ee6501345b55baf7b4f51fee0a3be78d3026151a0549dd9eeddc73a4b79f54933783ac8e489268ec0b9f8ecb29dc3ee35a4a489bd77d41f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 247c108e37b2f1dfc6055c2013cac63a
SHA1 698f727c717410e7f5b4a356c538daf55e987264
SHA256 512c9ba870a1a03604fa0fca8b98c6273f51d88e37b1e5c66a335f34f4956d4b
SHA512 d35e4e7514e79459d43f91c8c88e50d720442ff983d6dadcd8a5d6910af104a26b3b091e87b352990c3b6ab49d09d4ab42e53fcf87b92825c2b86c46052a558c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 17cbc55c0060efd18a5f454db4e8ce8b
SHA1 57f4c484516dcedb7a26ee635abbe44b3c87c283
SHA256 efe393521f43906a7d89e73ddf719f11392e4dfc3f5a1976ccd33b812ec3a039
SHA512 08749863d59c8ccc55cc5b75522328ea880723f1ac15ab42fd6e86e082066c9fc39f028b575fd90dbbee24e79e983599bbdcbd58bfa62d3a127a6e920e54f858

memory/6872-640-0x00000000741A0000-0x0000000074950000-memory.dmp

memory/6872-658-0x00000000074F0000-0x0000000007500000-memory.dmp

memory/7080-672-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7080-673-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7080-676-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7080-674-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 69d53fed9486bd94f790c18d943206b7
SHA1 c1ebb2eafca9aaeb86b1ff3a165146481c8f1760
SHA256 d2a822c5bea2b9ae2557e7edbe70b6c11f1f9c4ff0295938c30eba4c29e247d3
SHA512 60548086b3ec66625e85a6e53a64e1ffacf1d3fe0db56efc8a4e4c0dd7fc2d5044a59c444013fab43945950dc841e1e0efa1504be2e0d627ca735ae4f3b03a7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe58ead8.TMP

MD5 39affada102cb6aee5b1122c95dd1649
SHA1 e5ede5fc849507c157502065e39a5ffe63988bc2
SHA256 05e82415fa03862706d5b679a5e4b33d0c8069f6d1a5c09cbf07e94291159075
SHA512 4fc478d0b60af80f67cd26227939cbf8422d63762d5771c08aa0b98be66e0e27cfa7e8befb00673b6bf19ee7a1e4a0626761b84467674cad5a91e708e29ad3e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0ea1aac8642e40f9b7bba81d8d22b532
SHA1 fcfa04a7a9696acba6342b37e3754b8a4f40b3ab
SHA256 87e7c8912e4d1625e99d88afe96b46d4692c38cd3929d81f92274b3b6f3c37e9
SHA512 0f38aa20c254684382a56a16b0f6f9627f416de1374d112418d0370a0a84776b580025077e8d2f0aa3584d7fe2255d4b64f7210a3ef377e1eb8418e6227e6f2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b4fbeb8f635eb5f67cd990fa8236a1d7
SHA1 d34bf09816287c4b4289576c734579676c5abe0e
SHA256 14758e4dc0b9162abc874af7849d233e592d82b7616a98c5e594846b9a3c0f03
SHA512 5ce6462c8f2fdf0a3d78905dfda5c109bcc426b403e3c205ca579d7877b64f9952f1998c10b886c29d15c115789623704fba47e101b3ada1a625f19f618fb83a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 b7504a4b8623f445001dab902312b34c
SHA1 a1861e84ffe3acfc511cbe882649b935451531a0
SHA256 1b8eadf732e073734c1642abd65a516cc99f70090e72734991b159255b83ebb0
SHA512 dd0123cd93eb2fa2ab490f5ded48d8a041ca961064d479344271ea36088a08f2d8818ad712d8f36831fc87d10cdc58176d870b5559f26e7e7aa95f64addb20fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 24020f8899dfd9d96308b8afeab47a59
SHA1 37bd7da943136f62ecf5a3a3063b8bda1cb167a0
SHA256 9857db12df2462732115b667b33a6e0f813d6895351cdf29fb15f7ddc958075a
SHA512 8bcfcd1cee82178d505b6c52abaa03fc4372e60a8578375608a5fba61f6e6b21048342e422dfc675334fa82252c410cf7c84275d3551a58e2340a471dc60a71f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4eabe9f1303fbf0f47a20e0124316100
SHA1 30344b22fcb4f9ad37fb535a5b33b838f49e0588
SHA256 c8af489ef09784f99d040796f94e4acb8ad49d828590059906abeed8f7a30011
SHA512 833b861f3135d733ddc4a5cc5d62a54b3a4babbc3af1b97cd78921609d3746fc6ff6297a4cb6afeae5a17ebd467b90d89795aeb0ddabc8cb02180c94ccf7e402

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7a7a1b01-604b-400a-a010-db3dd420642f\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 531b45ee73b67b65ae879606c182d42b
SHA1 b80015b6a08a15277a4ecb44e798d8444af01973
SHA256 05af458e20933be9f81e41143ce0649f4ae2b855717eb57924284dba70698825
SHA512 1673159559c6595b86b67ee1a6ec1326385f04f3f22431650675a167e6f1db5e21a26cc2bd7bd6238fbb6ca7480b15744f202331a43929bcdd0ebba7fa4a0080

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2c51b671b77a6f2b6a66f7beb619f433
SHA1 a34b1f9146c9ffd87b74d46d5eb02664b0fe2b78
SHA256 665562fdba8d749847f858f276916b70c3704b747b56371e50275cf4d698b814
SHA512 cc6c1c77abb8a7e396f047322061de2af22564ace67c0ab04e1e306d6761e537f2d4cbd210f98fcb998fa15e67fc315bc33411d6d7d255875bdbaf26af11be9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a5312efe41a9470256ef0997562bb2f1
SHA1 4b4dc2f8af4265bb16734dcc56354055ad503aa5
SHA256 742541152c5098c53f41e4a59790ed1059af8b473c67150e0600d46c4cb14e60
SHA512 8a012287a83b7bc07499998c58a3224695536353ea99fc362ae601f6fd3d7e3d8c78bbf1af7fffffe8fad565530e9e0829c56ad2475a07c4d58bbd720cfa8c99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1be15c09d612adcf77c73427e7bb0e6a
SHA1 fa31e51605226b6082e568dfaa4e9aba79588db2
SHA256 4f1377fa3745284e0441ed5fb377d4b5b24a2d651e1aa653870b19c66be6c3da
SHA512 a54b26f75af1ffca43862b7f82e548ce36b1ec3c28bd19bdce2b5cc9fc0699bf3b3f4f194be9d0164efe6d17e90c0917651a4dcb66bda191e2264a1b0c48e0f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 418a8bdf24fad37ab8240094b6bf4b13
SHA1 6d5beab90a0765b5c45043538f1f02dd1859bf0f
SHA256 acfecd77388756a8fefd231ed98fe5c898e929981c4fb94835f31c3f2859722b
SHA512 d6759f95be5f721b345050eb439cd183d1707484a14c9bdeed4e79cd9d7c5a2e14b5cd07471269f5a655a61b79f45377118c5cfe3151e20d7f4d53e718f045c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\b54e4cdf-0585-4705-8dae-2713f451bc5a\index-dir\the-real-index

MD5 0437709df874f5ba48e449e0f1eb7abc
SHA1 c0dc92391784797f9dbc123c688387d9cfc2183d
SHA256 c27224bc35d96032f27968c56f07b404f77eeb968a3207a3f54e5539f6bc264f
SHA512 315f6a7b166049f91ae44de73c6e3e89bd1ceddcef755b73432cabcc2dda3d6834136831b8ebc1c4919c47ff586ca27bc30adc4c6cf456d917825887947e761b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\b54e4cdf-0585-4705-8dae-2713f451bc5a\index-dir\the-real-index~RFe593dda.TMP

MD5 0379e5f2b03ed5866b6933f275210bc7
SHA1 47c1a6b64c8b95dbf45b646d913179d3837b6d5e
SHA256 fc135cfd61e3066497c680b343601a7bd964aa570cf5f620f3aebc47795632b2
SHA512 b2e8290cadb86cae27b18a9b04cf002ad09f4913a7b490d592f9da1998b9c7632e6453b413b6c0e29bef844ce9940e431dd68ce52ffbd287a2a583d91d13b1a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 34d280bdcdccc764bcb34845468b46f5
SHA1 862649717825177777c63aa74ee58b304be30b12
SHA256 ae23e74e7e87f2dc31339e6f17708ea9b4cf50780300843fda2ea42799a67d5c
SHA512 49e2bf965b729cf4d52f7d1adb5ba56ba036631d2a5d0b294644b516bc375adc1a64c97f331f721fb57e810ae7dea062fb3a391d1f91ae6ee9b96200380ecc90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 93e14486cab188e3074386186eb403e2
SHA1 b1490656ef751148e2505997ea58187a47ef4c76
SHA256 b27486ffd8d4556dd0545a5b116cb073b4ce4293ef24131b9cb72235d5cbee2a
SHA512 56a71fd1d305bb84185c8f0148232bd50dfc5f3589dc3c43af398eacdb0e6aa4bb15c8027c963f4c3c7835bad1babf6159881c68bf89e705f33a6caba1c49752

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8fe66232003fc285f8f8aab041b121da
SHA1 d4b56dbaa4f5ee4dc92ba7eff400fb1111c7abca
SHA256 787e904ef2dff65d1b7e6cce256b84507528879d21e182d6b5a0cf67acc1b7ee
SHA512 4a1306828bea738cad0472f06f7e250e082b3a48caf463e7e3202ee8cb9adf48ef9f05b451c2f4c7b4716aa1da3f1f70f0af6d2bbf3401c71db730ed9eb14561

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe596d66.TMP

MD5 d0fe810b3df47390c843c4176b5859e0
SHA1 1abfa0bd64e7a2b0a320215f059d82a2635bba5f
SHA256 29c76c28b645b0290e3ea8b64483c064a0c60d1e036ca0cdbe0dee92af54f37f
SHA512 e3f626ab502456ded8e19c289fa4b6a6fff9179d63c825338862af20756472b886f92fa19cfaf6e6f9eac886827948001d0b6041198762a56bc7776d9423b6de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ee21375f2294670c0d7ea28d969cf103
SHA1 2cec00880e2345b8e04c99741f7c41cb6059b16d
SHA256 bd1fa004b1191e149b4843e1b10e07cf2b41b58b7fbdde1a5a9ddeb65d189aba
SHA512 18883e02cdfa00af4c9accb5f729f1b039879d3c6a8970617571db9bc694eb05566f3020e337ba2240bdd51a9a0b311ef5ddd6fce694f56428a6a9b1f5f085b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1e4bf503-2c9b-4360-8b05-5bce5c750a6d\index-dir\the-real-index~RFe598f27.TMP

MD5 86f76d69d718640fb7a022739a26c5f8
SHA1 dbdbe28bec6bf702c68d0af69cae41b485522b87
SHA256 403346f0138ad07ff7365778df0f61fdaf255ee00f5a787051f758eabcaefa40
SHA512 1cf17f3b0487fcb8aaad7f156a56f1b379eb8c2d7e6bc7a1eff937afb2b385e3a487ae81d0312ef6f6422bc3f36a5a571de1b4988f79d66787f04b8a470b8c93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1e4bf503-2c9b-4360-8b05-5bce5c750a6d\index-dir\the-real-index

MD5 9d6ed79ba0fd340887f0f6b662db26e7
SHA1 7d37eda00b0ec05afcd328fceaf7a6ce705ba2ea
SHA256 0852d095751dad04b46cdafbc94ba78d2ba744b03457ed932ee5a9ec449629ea
SHA512 79db2af603b1bdd1aa1cf6f0cc0a33bd03b22034df155ab376755aa8ba550aeff79426a285379fe8501957d7766d30cbf850aa680ae7c7c03973e63d8f01e43a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

MD5 b64ec669dd818f90ee958a8decaed9a4
SHA1 6f4cb9ad15c4e94238c9bb3ef3cf537c81e4d736
SHA256 a93bf024dbc9eb784c3f0ad8c1cd61d32e67638352b0971790a7d9e204c84676
SHA512 fa093715273341816cdefed8b1ee8c6371eecdb02abfe79a931c8c00f5f1064f83bbe48a6180d6c630930a8ee6a7e75ad49934e7900b81e179488522bff01a2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a27cec6ebc5199df5791c4e9ca74bd35
SHA1 6ff8d3b3934406b5b9bde7fb08eec290b4682d91
SHA256 9ce9f84afb5aa57dc00be184a1358b62584390f900297c261bae99bf3d4a18fe
SHA512 fb573c26459b9a7db070f71a0c29775ead4988f336ab8374f3031cbd0b1ef89810e25190627123d49dd1c344aeaecdcbedccab04e995acf11a788faff965bb03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bfa656b80596035690d8b5b3d2d5fe21
SHA1 6a1d3fcb91e7222984860f23893191f27b143c18
SHA256 f30248e58fb4fc77724fd5c95dd43664054adb79f51903c8d19a1e653b612ec4
SHA512 62d9281b924163b37602b986c3d2e7eb069b25f646935d5964e70b36981f63d9da0758ac9d05a362f693054ebb5f480e1a6795cbffa5f1ad334b418bbd58f43c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 60cb8215bf0a11fed217fe03cb1cd549
SHA1 18a39386ee9bb25261e6fa69e9a7da6183629a46
SHA256 3e8b4814c6a488867a9e532ea97f76e36aa708b25c78fa5ad94647b23a4c4e18
SHA512 93e6a63b9d95d1fefc9355a3c065a8193d910d9461729612c454939f683059b0b3e50933eeb34def4a7a75e3256d664c0c1b0c31a23979e9cd77cef2ce98813e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\62d7fd75-3900-4489-b219-c6d66c674348\index-dir\the-real-index~RFe59d1ec.TMP

MD5 7c0357de5c535115be0b9d34607f1c5b
SHA1 57e022b8b4dde68bc718e9df76e4a4fed2399f0b
SHA256 78b28b07b17c7de830d9afbe03e1dda7bbf96e91f9357aaf7c275ec618c89f17
SHA512 e236c7370a122251fb53d321fdd819af9ce4dbe5ccc1e1230209e28e7cdc0e9b2e08c555ec4f3ff0ecf7e690b29fe88166239e0b4ba234d1f229116247577786

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\62d7fd75-3900-4489-b219-c6d66c674348\index-dir\the-real-index

MD5 5ef2cb3d0f453ea9651d79315a81121d
SHA1 283ac51aa326792b5ec038788f63a0da1c1aa02c
SHA256 38332902ad5a291a034e6e56f044494f4bf762221f8c2d91b9999dbe34eca8c7
SHA512 a7652f87b87dd2291520edbd0952a0bacd5f3e7e119111ac461f65f427798e3392d968c4c52130327362c8362ac2444aebf0e11f7ca2d035f7591a5b312385a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 6a28ee129b57e80acb3872595f131573
SHA1 d7a35e91503e222a2eceba524c34899e72779b97
SHA256 0f7183514ea7a96642d481d9cf9cf5e3ea79d46f5b03676f7dcebb58d852c2ae
SHA512 c319a2b9676ee51a0a55c42ae1ecb1299cfbc678c24005a8867f0a38625b79a9743cee4b21e6539a972bc7766e9e017051bb059c3728b62a76f9ccbbfaa1a34a