Analysis Overview
SHA256
0a36e40bfb1dc019f93546944e1f678afadc5397cf7e591bec79d42870a3810b
Threat Level: Known bad
The file 0a36e40bfb1dc019f93546944e1f678afadc5397cf7e591bec79d42870a3810b was found to be: Known bad.
Malicious Activity Summary
RedLine
Mystic
Detect Mystic stealer payload
RedLine payload
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext
AutoIT Executable
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 04:02
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 04:02
Reported
2023-11-11 04:16
Platform
win10v2004-20231023-en
Max time kernel
188s
Max time network
731s
Signatures
Detect Mystic stealer payload
Mystic
RedLine
RedLine payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MI0VS83.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1iW46Ss2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2hG1107.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3qo48wi.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\0a36e40bfb1dc019f93546944e1f678afadc5397cf7e591bec79d42870a3810b.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MI0VS83.exe | N/A |
AutoIT Executable
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3576 set thread context of 6520 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2hG1107.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 6872 set thread context of 5376 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3qo48wi.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\0a36e40bfb1dc019f93546944e1f678afadc5397cf7e591bec79d42870a3810b.exe
"C:\Users\Admin\AppData\Local\Temp\0a36e40bfb1dc019f93546944e1f678afadc5397cf7e591bec79d42870a3810b.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MI0VS83.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MI0VS83.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1iW46Ss2.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1iW46Ss2.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2hG1107.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2hG1107.exe
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3qo48wi.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3qo48wi.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6520 -ip 6520
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 540
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10093359506066383108,16189153054189897249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10093359506066383108,16189153054189897249,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MI0VS83.exe
| MD5 | 1f00b88174ad12feef75996287e62c4e |
| SHA1 | 3e5d44b0e1c643a8770e09be64489002206bee9e |
| SHA256 | 0f9e3d8e5abd6761918db0efb517ec8eaab482c5bcef4746373c1c2dd61683db |
| SHA512 | d932a5f428c2e88eb2bebbe02793663767ea28fd80a457c20f4a84e0ca57ee0a31a858e3842327f2ceab19208ae8dbe0e7c7d27ce470e981d6612016eb93c6bd |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MI0VS83.exe
| MD5 | 1f00b88174ad12feef75996287e62c4e |
| SHA1 | 3e5d44b0e1c643a8770e09be64489002206bee9e |
| SHA256 | 0f9e3d8e5abd6761918db0efb517ec8eaab482c5bcef4746373c1c2dd61683db |
| SHA512 | d932a5f428c2e88eb2bebbe02793663767ea28fd80a457c20f4a84e0ca57ee0a31a858e3842327f2ceab19208ae8dbe0e7c7d27ce470e981d6612016eb93c6bd |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1iW46Ss2.exe
| MD5 | c98ad50b469fae326591f84c6e822678 |
| SHA1 | daab312f1778ef18988681c70bdb63e234ca1f84 |
| SHA256 | b79e761c24f2af663d96b6430d704fe83b251c549a61f7ecb1e59ec60d4557e4 |
| SHA512 | fb1186d8189bf95432f3e15001c82bf9706d1dac1cc17f23916ed0ad59227aa28888b332e71bd13ae58fdf354d4077d731c7fe52db8d223e74529f019a54de81 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1iW46Ss2.exe
| MD5 | c98ad50b469fae326591f84c6e822678 |
| SHA1 | daab312f1778ef18988681c70bdb63e234ca1f84 |
| SHA256 | b79e761c24f2af663d96b6430d704fe83b251c549a61f7ecb1e59ec60d4557e4 |
| SHA512 | fb1186d8189bf95432f3e15001c82bf9706d1dac1cc17f23916ed0ad59227aa28888b332e71bd13ae58fdf354d4077d731c7fe52db8d223e74529f019a54de81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2hG1107.exe
| MD5 | c7047a2aa39f72edff0e0eb63e937b88 |
| SHA1 | 5c9f7ce500530a4db1f1eadb52a9d847dd0edd9f |
| SHA256 | 948af2d1e9b11ffed2dfaf01f6d49460aa9b1386fe0db42e6d2ce0b25679929e |
| SHA512 | d276ce6328a4eeaf478ed52f0f06aecfff1d98330fe42b674db42b92a527ea8bc114f42031f60da826a0c75c0e5ea75de7987a37a2d9c743c9d85381e8baff93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2hG1107.exe
| MD5 | c7047a2aa39f72edff0e0eb63e937b88 |
| SHA1 | 5c9f7ce500530a4db1f1eadb52a9d847dd0edd9f |
| SHA256 | 948af2d1e9b11ffed2dfaf01f6d49460aa9b1386fe0db42e6d2ce0b25679929e |
| SHA512 | d276ce6328a4eeaf478ed52f0f06aecfff1d98330fe42b674db42b92a527ea8bc114f42031f60da826a0c75c0e5ea75de7987a37a2d9c743c9d85381e8baff93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
\??\pipe\LOCAL\crashpad_2368_RAUVNUUEMPRZCKFR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
\??\pipe\LOCAL\crashpad_2120_ZAZQKUFCPXQMQITI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
\??\pipe\LOCAL\crashpad_2576_WDLEHGRZUFMLNOGB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
\??\pipe\LOCAL\crashpad_2568_CMITBOMBRYBDAEBQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1708_GENJSMCVTTGTSWHC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_180_PMJEGPBNYIMLUSOH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
\??\pipe\LOCAL\crashpad_3456_IXTWHVUITHEZTVYE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_4160_LMUOWOLGGHIWPJDR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2c235f9a-7166-4cd1-9556-92a9c3f449d0.tmp
| MD5 | 0b1f4809fd8e0e4ac9ec0fc7ad8aa822 |
| SHA1 | 05bf69b6d910059fa01f446db69bb91f473441f5 |
| SHA256 | e893b42eef1af4685072c3f27596aad2339522c7b2a79d508c5766f2739403cd |
| SHA512 | ada11f928a69700cd589ba0991d13b1439217f23907a8db429f31c9ae69bfb9e15129e351c3b596684b6696a8037d17c144b1b95380643d8af4132646e4852b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bda8de71c73c260b3acfafab2f00566e |
| SHA1 | ce40cae592a9735d5424ecfae06a925a52dc757b |
| SHA256 | 39385f19b1b1b8e4920738241d03a50cd9277295a27dc7ca842e214e6a7c0bbf |
| SHA512 | 1a36359978559b6a33250444b06369783af720bfd960894a6479b03a872831d10aefcf27ef173a8f4416b2776962169e97e4c104682a8d4c71a99dae4afa2f1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\165de8e6-a6b2-4fab-8482-e0871e7da43c.tmp
| MD5 | 0b8831963e8241cfa6a670a609b32c1a |
| SHA1 | 258d1168e5dfc35d48c1f8771012a5440dff41a3 |
| SHA256 | 9f5353ad4d366a03e4dc835521e723db91704fb509dab5f7d851bbc2afdb4e79 |
| SHA512 | 303834b84f031668e8b55bac2c14f85d1c1811dca787f69c4637dd02d2bbe61598f3cdd6edb6aaf422496a797b8cb89ef54bd5b0904cd29ee963fb966a7db2fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bda8de71c73c260b3acfafab2f00566e |
| SHA1 | ce40cae592a9735d5424ecfae06a925a52dc757b |
| SHA256 | 39385f19b1b1b8e4920738241d03a50cd9277295a27dc7ca842e214e6a7c0bbf |
| SHA512 | 1a36359978559b6a33250444b06369783af720bfd960894a6479b03a872831d10aefcf27ef173a8f4416b2776962169e97e4c104682a8d4c71a99dae4afa2f1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7df1a69f-0594-4a28-aa5d-9bb5c44846d5.tmp
| MD5 | 1850164ae80262a984ba4f7d702d3d2e |
| SHA1 | a059bb697fee666ca7dbf30b12326100c0741573 |
| SHA256 | 60f4d2ba73a7830180994185699fb6b88a79ee2c756b21ba834030636cd4d184 |
| SHA512 | 296a569f9de0ca41ced4a774440852d3b91ddaa93613d3d2937f09480dd23ee0c38383dd86c7b0724d2cb4be03d6fbbbea874cbc2e5a4665faa962a4b8707e47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b176e9c2-c6c8-4558-82eb-bc2174389290.tmp
| MD5 | bda8de71c73c260b3acfafab2f00566e |
| SHA1 | ce40cae592a9735d5424ecfae06a925a52dc757b |
| SHA256 | 39385f19b1b1b8e4920738241d03a50cd9277295a27dc7ca842e214e6a7c0bbf |
| SHA512 | 1a36359978559b6a33250444b06369783af720bfd960894a6479b03a872831d10aefcf27ef173a8f4416b2776962169e97e4c104682a8d4c71a99dae4afa2f1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9a928d48-122c-4343-a640-611f81b67500.tmp
| MD5 | 2aa36a0ddb6ff8a75c914278aa6cda9b |
| SHA1 | 59b61590b70cf76a94fad1dac083cd54432e81fb |
| SHA256 | f352c13219fe744849f9407b50def44162bbd4249bd0f6d716eb189d9b6990cf |
| SHA512 | 3f9faaa9da41fc5945d99c000d926ac8eaa2d0fa0f281395b57230583e0aabadefaf5ca4136a5c82bf005558666c5fe9cda81d046c8fe3d5162ffaff4d53ff6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bcde5871-49c7-44b4-a869-7c16cd452fca.tmp
| MD5 | 3775c7378359b2430f350d754ea6670f |
| SHA1 | 6e103bea561328e54ee169ecd08b2e821d3fcb4c |
| SHA256 | 7a953a858fec1eb74fdab184d0d2e96eb24ecf7e153b30e3daa03028f623d17e |
| SHA512 | 14673314cd43d45e44e862cf7f50d4c961bf7fcea9e88f29795400d6ed8e4b7777a9be27b217c49985f8b843632d039d3e770e9413bc25dde06bdaca29d0db99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c0a957af-52e0-4799-8a83-dfc734f562f9.tmp
| MD5 | f938966a348db904159e4b064c024634 |
| SHA1 | cf23a5b21318e6ce25d21543fcf8732c47316f30 |
| SHA256 | c46ab618ac81d7959136b45f566d55031cd8c9f334eafbd0d5d626988b571afe |
| SHA512 | 1f89e093fac80ead4ebf040e6369055b498470f4e35845b535be605a45142504a4e80947c104b29e2b51d0b31c85a92f1ebcc3e04959a0b4761f8f25208b2b8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0b1f4809fd8e0e4ac9ec0fc7ad8aa822 |
| SHA1 | 05bf69b6d910059fa01f446db69bb91f473441f5 |
| SHA256 | e893b42eef1af4685072c3f27596aad2339522c7b2a79d508c5766f2739403cd |
| SHA512 | ada11f928a69700cd589ba0991d13b1439217f23907a8db429f31c9ae69bfb9e15129e351c3b596684b6696a8037d17c144b1b95380643d8af4132646e4852b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1850164ae80262a984ba4f7d702d3d2e |
| SHA1 | a059bb697fee666ca7dbf30b12326100c0741573 |
| SHA256 | 60f4d2ba73a7830180994185699fb6b88a79ee2c756b21ba834030636cd4d184 |
| SHA512 | 296a569f9de0ca41ced4a774440852d3b91ddaa93613d3d2937f09480dd23ee0c38383dd86c7b0724d2cb4be03d6fbbbea874cbc2e5a4665faa962a4b8707e47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f938966a348db904159e4b064c024634 |
| SHA1 | cf23a5b21318e6ce25d21543fcf8732c47316f30 |
| SHA256 | c46ab618ac81d7959136b45f566d55031cd8c9f334eafbd0d5d626988b571afe |
| SHA512 | 1f89e093fac80ead4ebf040e6369055b498470f4e35845b535be605a45142504a4e80947c104b29e2b51d0b31c85a92f1ebcc3e04959a0b4761f8f25208b2b8b |
memory/6520-262-0x0000000000400000-0x0000000000433000-memory.dmp
\??\pipe\LOCAL\crashpad_2924_MCQJSROUTMOJVHOX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/6520-300-0x0000000000400000-0x0000000000433000-memory.dmp
memory/6520-301-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3qo48wi.exe
| MD5 | c3dfc5b825aa8f6bda8a7a4b39f57c2b |
| SHA1 | 88790151e628197943fca57f33668eb4d4208c21 |
| SHA256 | 283ad068da68ce7f4920beb9a9ceb13d67cd8b55ba34a241cec02c9c8be5fc7a |
| SHA512 | 30cfdba2d9494cf3b5a1768d8817628b1dba9afa43f44f9794798370633dfab0a21c135fc31452aaeb01c4bcc4c445bc130e8132f62aa5fa29a871c509c9231d |
memory/6520-309-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3qo48wi.exe
| MD5 | c3dfc5b825aa8f6bda8a7a4b39f57c2b |
| SHA1 | 88790151e628197943fca57f33668eb4d4208c21 |
| SHA256 | 283ad068da68ce7f4920beb9a9ceb13d67cd8b55ba34a241cec02c9c8be5fc7a |
| SHA512 | 30cfdba2d9494cf3b5a1768d8817628b1dba9afa43f44f9794798370633dfab0a21c135fc31452aaeb01c4bcc4c445bc130e8132f62aa5fa29a871c509c9231d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bf4f3c7b-8dbe-48e0-ac87-997da6d23ebe.tmp
| MD5 | fde13267b57cbf289efa16a9387d15ef |
| SHA1 | 5862fd3bad2a3ce636a1b5a04d8efd84fe1f270a |
| SHA256 | 855af72b1f0f9296471f3706ce74e2c9e397afe83d9bee98e45a9674a31128ce |
| SHA512 | fafa37570fd61db87e891e281b6ad59dfc76d91a89a33ef4ac84865d34e29240fca17f6603fb8bc1836cfc77f48de46a5376a9c62ad23a8563cfbc4b23fd42b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c15c57fb-c621-4294-b2ae-c5090f070b77.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5058edbf-adc7-4e6a-b700-7e2f4fb8f795.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
memory/5376-450-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8f062a84-97cb-473d-adac-0fc2c2b236f8.tmp
memory/5376-605-0x0000000074CC0000-0x0000000075470000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
memory/5376-658-0x0000000007D30000-0x00000000082D4000-memory.dmp
memory/5376-672-0x0000000074CC0000-0x0000000075470000-memory.dmp
memory/5376-682-0x0000000007780000-0x0000000007812000-memory.dmp