Malware Analysis Report

2025-01-02 05:16

Sample ID 231111-evspksab5s
Target 668531c40d9c51db8cb5f9a2c34ca9c9.exe
SHA256 c5741c73980f3fabdd7b17f58950567af6afb790f02f7ce9f16b9cc97df09146
Tags
mystic redline taiga infostealer persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c5741c73980f3fabdd7b17f58950567af6afb790f02f7ce9f16b9cc97df09146

Threat Level: Known bad

The file 668531c40d9c51db8cb5f9a2c34ca9c9.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence spyware stealer

Mystic

Detect Mystic stealer payload

RedLine

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 04:16

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 04:16

Reported

2023-11-11 04:19

Platform

win10v2004-20231020-en

Max time kernel

145s

Max time network

185s

Command Line

"C:\Users\Admin\AppData\Local\Temp\668531c40d9c51db8cb5f9a2c34ca9c9.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\668531c40d9c51db8cb5f9a2c34ca9c9.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KG7SY79.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2252 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\668531c40d9c51db8cb5f9a2c34ca9c9.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KG7SY79.exe
PID 2252 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\668531c40d9c51db8cb5f9a2c34ca9c9.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KG7SY79.exe
PID 2252 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\668531c40d9c51db8cb5f9a2c34ca9c9.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KG7SY79.exe
PID 5068 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KG7SY79.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe
PID 5068 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KG7SY79.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe
PID 5068 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KG7SY79.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe
PID 2864 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe
PID 2864 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe
PID 2864 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe
PID 4904 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 1480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 1480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 444 wrote to memory of 4568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 444 wrote to memory of 4568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2404 wrote to memory of 2832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2404 wrote to memory of 2832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 3496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 3496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2300 wrote to memory of 3972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2300 wrote to memory of 3972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 1244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 1244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2896 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2896 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4208 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4208 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1092 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1092 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2864 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4kM1nz0.exe
PID 2864 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4kM1nz0.exe
PID 2864 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4kM1nz0.exe
PID 2380 wrote to memory of 5952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 5952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 5952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 5952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 5952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 5952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 5952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 5952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 5952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 5952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 5952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 5952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\668531c40d9c51db8cb5f9a2c34ca9c9.exe

"C:\Users\Admin\AppData\Local\Temp\668531c40d9c51db8cb5f9a2c34ca9c9.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KG7SY79.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KG7SY79.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff999c46f8,0x7fff999c4708,0x7fff999c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff999c46f8,0x7fff999c4708,0x7fff999c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff999c46f8,0x7fff999c4708,0x7fff999c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff999c46f8,0x7fff999c4708,0x7fff999c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x74,0x16c,0x7fff999c46f8,0x7fff999c4708,0x7fff999c4718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4kM1nz0.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4kM1nz0.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,114118579906785970,5282402216008354583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,6073319844219621692,13545701709486110753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,6073319844219621692,13545701709486110753,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10420201507887723428,16209953490798294389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10420201507887723428,16209953490798294389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,17897797464995458181,6451904189953126685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,17897797464995458181,6451904189953126685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,114118579906785970,5282402216008354583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7617370831920361925,8218402648587498742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7617370831920361925,8218402648587498742,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,1687374285525829886,9495073485833129224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1687374285525829886,9495073485833129224,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9582895482082353002,17578566841007585706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9582895482082353002,17578566841007585706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9394713993048171832,4092499997024974834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9394713993048171832,4092499997024974834,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,11210467562757988170,693604354279214801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11210467562757988170,693604354279214801,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff999c46f8,0x7fff999c4708,0x7fff999c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff999c46f8,0x7fff999c4708,0x7fff999c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff999c46f8,0x7fff999c4708,0x7fff999c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff999c46f8,0x7fff999c4708,0x7fff999c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff999c46f8,0x7fff999c4708,0x7fff999c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5QZ15VH.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5QZ15VH.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7736 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6EA096.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6EA096.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,7576032649502540549,17754805003953455540,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8128 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 www.facebook.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 store.steampowered.com udp
N/A 224.0.0.251:5353 udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 18.233.175.4:443 www.epicgames.com tcp
US 18.233.175.4:443 www.epicgames.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 4.175.233.18.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
RU 5.42.92.43:80 5.42.92.43 tcp
US 8.8.8.8:53 43.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 93.184.220.70:443 pbs.twimg.com tcp
NL 199.232.148.158:443 video.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 104.244.42.197:443 t.co tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.22:443 i.ytimg.com tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 22.36.251.142.in-addr.arpa udp
US 18.239.36.22:443 tcp
NL 23.72.252.169:443 tcp
NL 23.72.252.176:443 tcp
NL 23.72.252.169:443 tcp
US 157.240.5.10:443 tcp
NL 23.72.252.169:443 tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 157.240.5.10:443 tcp
US 157.240.5.10:443 tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 216.58.208.106:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 93.184.221.240:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
NL 88.221.25.169:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 54.205.234.65:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
NL 23.72.252.176:443 tcp
NL 23.72.252.176:443 tcp
US 18.239.36.22:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 157.240.5.35:443 tcp
US 8.8.8.8:53 udp
US 157.240.5.35:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 192.229.221.25:443 tcp
NL 23.72.252.169:443 tcp
NL 23.72.252.176:443 tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
NL 23.222.49.98:443 login.steampowered.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 172.67.209.38:80 killredls.pw tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 c.paypal.com udp
US 172.67.209.38:80 killredls.pw tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 172.67.209.38:80 killredls.pw tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
NL 142.250.179.163:443 www.recaptcha.net udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 udp
N/A 51.104.136.2:443 tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 udp
N/A 51.104.136.2:443 tcp
N/A 51.104.136.2:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
NL 199.232.148.157:443 tcp
US 152.199.21.141:443 tcp
US 152.199.21.141:443 tcp
US 8.8.8.8:53 udp
US 192.229.221.25:443 tcp
US 192.229.221.25:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp
GB 216.58.208.106:443 udp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
NL 142.250.179.141:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KG7SY79.exe

MD5 285496566b72e8bca0f6e68b51e34805
SHA1 9f6fc42a485cf125af37cd2a52073d2e5791e4ef
SHA256 92f95dfda3d02ba347b114f10c305178684928a38f556343907413e031c1393e
SHA512 9b5d1cf6700a06f9912aef7fb32c785be1206ce51b0ec1a012c55c199ffa0d3d590a53789235b8721a350b070ba66252f8a8d4148129e5d4958aa73217dd9380

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KG7SY79.exe

MD5 285496566b72e8bca0f6e68b51e34805
SHA1 9f6fc42a485cf125af37cd2a52073d2e5791e4ef
SHA256 92f95dfda3d02ba347b114f10c305178684928a38f556343907413e031c1393e
SHA512 9b5d1cf6700a06f9912aef7fb32c785be1206ce51b0ec1a012c55c199ffa0d3d590a53789235b8721a350b070ba66252f8a8d4148129e5d4958aa73217dd9380

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe

MD5 b04b58f8e5eb8af87c4e3ceed350af52
SHA1 e0362c99bd1157cf20f86128e5bab96b1b59283a
SHA256 844cb2ff03c84e75cc5d82bb40dcb495f0c06c0cf2bdc819bb88b815a0c5134b
SHA512 6aec3dc42c8aa981681142e7c0ecf6fec02044209c6dd026f235881c40d2b1bdac147b0ead48cc721fa587b3485ea7e3d3fadfe83fd8ed7ac01c7df6993b0810

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\in5QI10.exe

MD5 b04b58f8e5eb8af87c4e3ceed350af52
SHA1 e0362c99bd1157cf20f86128e5bab96b1b59283a
SHA256 844cb2ff03c84e75cc5d82bb40dcb495f0c06c0cf2bdc819bb88b815a0c5134b
SHA512 6aec3dc42c8aa981681142e7c0ecf6fec02044209c6dd026f235881c40d2b1bdac147b0ead48cc721fa587b3485ea7e3d3fadfe83fd8ed7ac01c7df6993b0810

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe

MD5 111cfd8b316116e6178df052fc711141
SHA1 11f5f7ea33b5a44bf96657bac6930b1f5b6e77dd
SHA256 01ee16e66e677e0495721d2f2911dbe03225530ee17244c67c76f5cd99fb3a65
SHA512 137d3af46da185f2026e54e7c721e56f1f3a2cdd4648076182ae1622dfc3ec284c86c899f1bc0a3dd3b13c733f9fcc605b1aa8c3feffdf786f266f32df3d6cf0

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gp605wr.exe

MD5 111cfd8b316116e6178df052fc711141
SHA1 11f5f7ea33b5a44bf96657bac6930b1f5b6e77dd
SHA256 01ee16e66e677e0495721d2f2911dbe03225530ee17244c67c76f5cd99fb3a65
SHA512 137d3af46da185f2026e54e7c721e56f1f3a2cdd4648076182ae1622dfc3ec284c86c899f1bc0a3dd3b13c733f9fcc605b1aa8c3feffdf786f266f32df3d6cf0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4kM1nz0.exe

MD5 95e846330793d3710ee752a3d11439f4
SHA1 47228b9fef321dec515d071433e74ef215f7b395
SHA256 3370d98c631a68faad10f9dd0bd527e1e8da531f2197fb198368fd6dd437820d
SHA512 01acd0b71921eb527f1e30affc7b6532ef79529ed630333258bda772d2d3f975d42101cd7d1f87031d718ce072c72061ce83d492d87c2793400d4f4776493ac4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_4832_PVWYPXGFKFHQUTUR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2300_PMAEAOCEPCTSIKLM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4208_CTYMLFBGQDGOBUBS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_444_WQSLKGDRCZNXROMF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_2380_CNTGYXNSWDPBFWOG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1092_XNKOBXTCCCWJQXQN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2896_CJANUQHPHSFDOITW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_4660_VFZTDMABMORFLXGZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2404_NLMIFVEJRLSFCDOE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_4740_EGRXJLPFMHXRCOQO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1bf0eac198fbab534629a55ff235780c
SHA1 beb87348e68b5083ab3df382fe290170338a52fd
SHA256 436d06bf5de2aa531e77ac25902cebf4e0519db82ff20619b02cb702b4550f87
SHA512 8d4389135a8c41d296806301a45b6aceec881f9f3580efdfce33f78c8bb51a29ad15fd4f596e386d003d92f8e902661c1d464e77ea7f5cc9fa6a4e4a7c3a0727

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1bf0eac198fbab534629a55ff235780c
SHA1 beb87348e68b5083ab3df382fe290170338a52fd
SHA256 436d06bf5de2aa531e77ac25902cebf4e0519db82ff20619b02cb702b4550f87
SHA512 8d4389135a8c41d296806301a45b6aceec881f9f3580efdfce33f78c8bb51a29ad15fd4f596e386d003d92f8e902661c1d464e77ea7f5cc9fa6a4e4a7c3a0727

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e933ce37-290d-4130-b729-1d21a1bc3453.tmp

MD5 0f3f636ef7ccfcbd8cf5f005b6d5ce39
SHA1 c1550067de8b592a4b18a2ed1292842cce13b461
SHA256 071bec5ab5c5cdcde5cce4c191e1d85cdec0d7f5bf21a4d339463344e2b8d2ed
SHA512 ce78ce6152f9417bbf9205ee9357710b091ed2c4676d7d7557f4b6a99f3b6f5bc473a47736255e39b532aa0e26718c3b591a146dd4348e2f22d33042d83284c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0f3f636ef7ccfcbd8cf5f005b6d5ce39
SHA1 c1550067de8b592a4b18a2ed1292842cce13b461
SHA256 071bec5ab5c5cdcde5cce4c191e1d85cdec0d7f5bf21a4d339463344e2b8d2ed
SHA512 ce78ce6152f9417bbf9205ee9357710b091ed2c4676d7d7557f4b6a99f3b6f5bc473a47736255e39b532aa0e26718c3b591a146dd4348e2f22d33042d83284c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\afc51703-f599-4654-a980-38df9c12661b.tmp

MD5 a7bc4d1cd28ba813faa2748ce720703f
SHA1 34652719c5f66437c27ae03f7b9b3c227c5254da
SHA256 b1835ada90fc7c2fc16ef62bc7a4a04b9ac387f0adb80a6ef4fd43a06f2b2051
SHA512 e0cb5a3c0b9a41196057765ed7cd2f9f0ef0a8ade66589841db61ba935d95d427bf47e20a9eca086d7ee6d4b41a0f7d21a8bee5dab8a6f55b5f3c9c9d8525f07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6ae8ff89-81e4-47ba-8908-389104185128.tmp

MD5 5ad1f38b762c4524bdb85547ae506afe
SHA1 823b805b9fc71af27b25d83b3f6e9a8d8a96d8fa
SHA256 15f7a23fc86527bda4b03b7c9f548a2c43c250f8f3bcac27f67bcd34547c5008
SHA512 81cca9f413f45c6a9aa03342c9ed349a1d07f64459f373b9cebceb90b5a16b445f22ec544a606185359564b699d7f884c1a0735f99f9f0fea85aadb0eaef809d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ce037269-7b3d-4a31-a969-277749ea9ea5.tmp

MD5 5f5914c45d4584db73b36bcabdd712f0
SHA1 f3c309876991241af18821c6b09130751bc59bac
SHA256 9de8df1436e00f0d85cdf75551e53ea7053761b97309d325f7e9e6b2ff54087c
SHA512 6e93b8064bee16b39a732fe03921b78f45082b245f6fe180ffee9cbc5ece3c7073dda13cab33bbad6192582f3dfa5b5a89f31f26d2465a4b55c7a76679afd57f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\292217f2-de42-4ec6-a0ed-4c5f1d5e3835.tmp

MD5 63348984551daf9e7e69ec25545045d8
SHA1 0410c720eca8f9b2d077494c526ca61f2207b72e
SHA256 3073be975cc3503352dbfb40c598a0d6eccb230fa3c1ffb44dd15c6912e80bb3
SHA512 9eff94b23b263b8586cba5e001fff6f6f04ef5b820eea3c2ef0d875c37c4908ac2cf1bdfb7bfad2a29dd2e1f1930dab875edb69c32965de954e9799128d8b65e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\66d9cfb0-62df-4595-8008-bb6e4ded8107.tmp

MD5 15b742c0e514d4b63f494362ea837a5d
SHA1 8770824a5c119235639b42d1800884a64c0f6dee
SHA256 efdfccfbb85af8c8212de07edd07f4bd442f51b7a36932d2d9a330e551e3187b
SHA512 1309a82c47fc543e125b93aec6f899169731484664aaa127421c935918f5ab127dc98bd8cb5a859221a7421282e84d2f293a0a922352e6dfeb54b4ddfa06d8b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b8c1f4a156b437d50809fe2c4be6cb92
SHA1 c46520b40b7ab3de3828797d1defff36bdb2449c
SHA256 b60854fb6e3e852d84646c25dfb6e7a6e34be91ef2b34c72538a4fcf01e95456
SHA512 04892eae094d1cfffca341b19a9a9530047b6705f3f127e3f6cd20f3a9418d2663bfb7ee94dc97eaa68c6acdf376c24c7236c66ad65cf42e48210c623ec92778

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0a3d8811-ddb7-4997-ac8f-7d37c2bce141.tmp

MD5 99eaadcf9bf63ad6cb6b0885e97a17a0
SHA1 fcb22df0948d216b451d0afba4fa306778981bfd
SHA256 ad4352b1b9b4edc24f4b85bcfbf542b644e3dfc3ccfb13b6ebd52ce17e879793
SHA512 0ffec60ac75033f8dd03128efdeec012843de71d18506244f7e3c92b7e961e3b064ff52330b85bf3eb4c7543f756424c0c6a22af02c2db3037c9f1b6e445e14e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15b742c0e514d4b63f494362ea837a5d
SHA1 8770824a5c119235639b42d1800884a64c0f6dee
SHA256 efdfccfbb85af8c8212de07edd07f4bd442f51b7a36932d2d9a330e551e3187b
SHA512 1309a82c47fc543e125b93aec6f899169731484664aaa127421c935918f5ab127dc98bd8cb5a859221a7421282e84d2f293a0a922352e6dfeb54b4ddfa06d8b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1bf0eac198fbab534629a55ff235780c
SHA1 beb87348e68b5083ab3df382fe290170338a52fd
SHA256 436d06bf5de2aa531e77ac25902cebf4e0519db82ff20619b02cb702b4550f87
SHA512 8d4389135a8c41d296806301a45b6aceec881f9f3580efdfce33f78c8bb51a29ad15fd4f596e386d003d92f8e902661c1d464e77ea7f5cc9fa6a4e4a7c3a0727

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 83951e8909f284093c5bece8b52af3f4
SHA1 0be79956e4c1f5b6197aba82e2493a182494f69e
SHA256 268cb9f8efcef965ded2997db522ca9bb4158c2b9bc5db9ced4de8160cb6e800
SHA512 2dfcb067801fab84daf7de6422bdbe28aa68324dab386e2acc82a45f8a429951f06c545174dab5b701b8c4077cbe3eb87318a11339f2dc33b408f7f8c536e9a2

memory/5668-346-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5668-377-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0f3f636ef7ccfcbd8cf5f005b6d5ce39
SHA1 c1550067de8b592a4b18a2ed1292842cce13b461
SHA256 071bec5ab5c5cdcde5cce4c191e1d85cdec0d7f5bf21a4d339463344e2b8d2ed
SHA512 ce78ce6152f9417bbf9205ee9357710b091ed2c4676d7d7557f4b6a99f3b6f5bc473a47736255e39b532aa0e26718c3b591a146dd4348e2f22d33042d83284c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63348984551daf9e7e69ec25545045d8
SHA1 0410c720eca8f9b2d077494c526ca61f2207b72e
SHA256 3073be975cc3503352dbfb40c598a0d6eccb230fa3c1ffb44dd15c6912e80bb3
SHA512 9eff94b23b263b8586cba5e001fff6f6f04ef5b820eea3c2ef0d875c37c4908ac2cf1bdfb7bfad2a29dd2e1f1930dab875edb69c32965de954e9799128d8b65e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15b742c0e514d4b63f494362ea837a5d
SHA1 8770824a5c119235639b42d1800884a64c0f6dee
SHA256 efdfccfbb85af8c8212de07edd07f4bd442f51b7a36932d2d9a330e551e3187b
SHA512 1309a82c47fc543e125b93aec6f899169731484664aaa127421c935918f5ab127dc98bd8cb5a859221a7421282e84d2f293a0a922352e6dfeb54b4ddfa06d8b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4cf88d1e51aec338fd63b5489b570f75
SHA1 6d1f74674f63a6a5cce226fb2c932313fec85ab5
SHA256 78a1cfb9b655fa58202df87dd8413fdfd2903dfafda4c3c1c932bea592902be7
SHA512 61811b024b722e6683f482b1fee6e6366be672fc3990be960fd9a5583f69a4c208de0e5864a39bd5017d5db47fb2ccbd5f114759bfa0b28c4a9cd060701da3a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 83951e8909f284093c5bece8b52af3f4
SHA1 0be79956e4c1f5b6197aba82e2493a182494f69e
SHA256 268cb9f8efcef965ded2997db522ca9bb4158c2b9bc5db9ced4de8160cb6e800
SHA512 2dfcb067801fab84daf7de6422bdbe28aa68324dab386e2acc82a45f8a429951f06c545174dab5b701b8c4077cbe3eb87318a11339f2dc33b408f7f8c536e9a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b8c1f4a156b437d50809fe2c4be6cb92
SHA1 c46520b40b7ab3de3828797d1defff36bdb2449c
SHA256 b60854fb6e3e852d84646c25dfb6e7a6e34be91ef2b34c72538a4fcf01e95456
SHA512 04892eae094d1cfffca341b19a9a9530047b6705f3f127e3f6cd20f3a9418d2663bfb7ee94dc97eaa68c6acdf376c24c7236c66ad65cf42e48210c623ec92778

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6f255164-9902-497f-a56c-d606c22b1768.tmp

MD5 b8c1f4a156b437d50809fe2c4be6cb92
SHA1 c46520b40b7ab3de3828797d1defff36bdb2449c
SHA256 b60854fb6e3e852d84646c25dfb6e7a6e34be91ef2b34c72538a4fcf01e95456
SHA512 04892eae094d1cfffca341b19a9a9530047b6705f3f127e3f6cd20f3a9418d2663bfb7ee94dc97eaa68c6acdf376c24c7236c66ad65cf42e48210c623ec92778

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b0e8511b442f8865b16722589f7340ff
SHA1 dee36059220a585016868c01420572e435b2d65a
SHA256 7cadeeeee0b53c01ab3561b9a7848698f227fcdcb94d23d0317a0cc60e7d9b47
SHA512 cb739349a15a6ab570422b5422fd3b0f0f95e58a887bffd7c3f3701a1173a48c32708fe5e41220224c2f09965998dd598277ae5c650c92b9cc8525c35019f564

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9905c2a3a646d7c5f85bd18c90d16e46
SHA1 e3149bc06b6c938ddfc05e0aaf14e905e9d8329d
SHA256 581baabed2e3294843a2d9a8925833733dced0699f01e10649bda48b80c10d0c
SHA512 0447a35b8b1057049ffaed026054cd3b18d6c72b1201613b5065a237a3fb29a99387e32532d23b8bc6192ac3440043173547d8ce5b6f5b6b13bf7a06b120d1f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1c706d53e85fb5321a8396d197051531
SHA1 0d92aa8524fb1d47e7ee5d614e58a398c06141a4
SHA256 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932
SHA512 d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

memory/7060-586-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7060-594-0x0000000074880000-0x0000000075030000-memory.dmp

memory/7060-598-0x00000000079A0000-0x0000000007F44000-memory.dmp

memory/7060-599-0x00000000074D0000-0x0000000007562000-memory.dmp

memory/7060-600-0x0000000007660000-0x0000000007670000-memory.dmp

memory/7060-601-0x00000000074C0000-0x00000000074CA000-memory.dmp

memory/7060-604-0x0000000008570000-0x0000000008B88000-memory.dmp

memory/7060-605-0x0000000007830000-0x000000000793A000-memory.dmp

memory/7060-606-0x0000000007730000-0x0000000007742000-memory.dmp

memory/7060-607-0x0000000007790000-0x00000000077CC000-memory.dmp

memory/7060-608-0x00000000077D0000-0x000000000781C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

memory/5768-644-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5768-645-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7060-646-0x0000000074880000-0x0000000075030000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

memory/7060-650-0x0000000007660000-0x0000000007670000-memory.dmp

memory/5768-653-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5768-663-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bc81fbee62f413686f6e49e1f286916b
SHA1 79b6848067a0415e0eea4bb82251907bdc0f1793
SHA256 1dadc97c8ceba40cd55f55dc30f6bf3abdc1a58d88b427be2fc587022e638641
SHA512 ab3175a6565b7efd8b6849c0b0adb0e06c2cdb053f0234c8e39ae76a05b0ba7a1d41cab2a6f0b4966e1fc4c1df610af6853168a7e48818b0c237111ddfcc6271

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590f48.TMP

MD5 b3d7f18918b92a61de3ebd6dfbaac97c
SHA1 c4bc4362c3bc4c995563863c4b24330ab1b6f426
SHA256 9db70aad2d90b56bc7f0757310c2ffb0f063c6556c88eed9e3c374692f25f005
SHA512 9a174a6ca3486a22f604e8d22dcc6567ad4322c7cf0e65675d0557bd596fe08292b43fcd267460a0b7889c0463072369c6c5aeb268524a3d905723ce3afe4a08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f37731fb2c4e45ceff7d1ee3f1087fad
SHA1 ab068ed4570f06bf7c622f557bf63ca0ef782278
SHA256 528a681a4b4e0da2ecfa89c674a24c10a1dda8b088fceb24fc45a457c96ce5ae
SHA512 16e0b6531a6fc822872d812ec6823915e15c3c46aeea17ab1be3be6758a474f3c0f043c71b07468bbbd94aeb90a22018e79ce2184e36b4e64b8c315714bd722c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0aae9e0f3aaf9dee94ddfe8044edf51a
SHA1 ff58aec462ede540606878661ed2e5a34af08a62
SHA256 f0d92fff0fdbb69c20b88450bae2191e0fe043278ca3bf7ac8c49356206482e0
SHA512 170d9ce28e14b404729b42b0a5163f661fe54d06c63a8e30c566b73b153ff6d8144cf7992b6fc59890dc86cdfac708e8b50b8d305f2ae746adbae81e2dbd4ded

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 48ef554bb4fe8eed52fcd192ecfff1ce
SHA1 83ad4bd8457c46762295723a4d59f7fe2eae871e
SHA256 b1ff714bf0a74f69b3a239229bc8c697d27eda432c364b6255efafbfab910ef8
SHA512 dc1592f71109385ec6bfff16653b06a5a1cecb24cb612e6f995fb40766173bf9e36b16cf6c030ffe70867969e9b1cf61aab419d1b07cf4ce01410b0ec70eb649

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1c5418b659eaeb43dfa7bbc107cd7565
SHA1 c6ff3a48d729230781adee3d62f18d350021bcb4
SHA256 b35b2b2237a1f8ddcf1ec9e083f6c77017c281640cb3c7e972d7636d77c6010a
SHA512 f238b3553260fa1260c6677eadb8e7cea525141d7e59dc131f5c42524440ecacb5d300a69f7eeaefb1465afde281e35f51d95d02fe8f2a53757d4ccbba4a621c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9e1a52789daad0e1ac09dd698bc6fc0b
SHA1 1594934c29efd54fa94435878b1398413bca7e89
SHA256 cdd25979843e1ba1a01a1e1640b99bca707f35b427ebe5b848c2649bfd82ad95
SHA512 8d6aeff9e9d37f733bc7cf145fa635f49ae4ee45db7dabc2d10fc748990a14e28d7f93be9e26ef1816f81980106218c4b4c0006c5dc503962edb504d03fd48ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a1b1d94b52098c3da41d5a2f51602f32
SHA1 11e1cdfce32d74de68240f84b5d01ef8fdec7cbb
SHA256 b25fd2ef33455562c1d45b919d39aa0cbaa42b1bd650d5c0694e1d8dda4fcb34
SHA512 52f75375926af454b1b01e3979ef3b34be2e71ea81bd2c59e7c23a5dea1b7686a0ae70c3400dabfd365a6552eff89d5eeda5d08c9ea9fd47ec6f7fabfe10a37d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a9bb05e5b17967adbc71b03dc4ac932b
SHA1 5e7061caa507e691304b62d62e03e3efdbdacfb2
SHA256 7a0aa50478990a2bae94f662995a29f3cdc49fe56546407f9fac84adf68c00c6
SHA512 46dec5221e4a075ab10471a60dbb0cf487d6e3fd75ec3f52c697f8d6a7afaceb7c9ee5c1aaf7bf16cf8e92ccdf1b06e2aafbcd5e0c600ae85336d77f837e0f95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3bf0e2eaf8474732fe793cc93339d77d
SHA1 b03c043c978cdbef191728de701d0387900e3850
SHA256 5ceb41b1afd46f157fd0cb849172172f6e8970dbe7dc328ed0ba5a24241dc3e3
SHA512 f4a1d0dcda8aa5c2b5c9fc4cd3a9ec047257df52bba1f2898ad636b1f9567a4c9f032d43c0a72313e6e349eaa4fc5b28288fcc11fd286a76f7067680b7d701fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 781414e93d44a5dea47963e36fc93472
SHA1 a77d2069e41614476cb61b8422985beb8df47b24
SHA256 9b8e741067c21690b467a681768318e976a88580650dd406f2f4d2aa80a0f29d
SHA512 bfb9310a2a708d8a20f217c956a0cc11b97209ccaddaec26b8649771a2f055f12b24b825dfbe4e8fcd8f972a6b969a7003ae0cdd1e19a37db0a232f3601948e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5ae5da548bbe851dc04dc571aff16350
SHA1 062e891ec57121896c64789110141ec7e51224e9
SHA256 25a762d3915c007254c5b2ed8f429529ff9c46f608d5d6a1ba7f50efb6a3640e
SHA512 c725e4572cc7b6ae3b1201f9eb953597e2ad9de504352759dea0cad9ed1f0cc5ef93a0adb69a67f6155c0df855d548c20b07f8a2d615f986f4b3ed9b2fa79119

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e3cf6b52b40fda0bac13f217b167ab4f
SHA1 766dc92926183c49c2507748b87c01848ab3d784
SHA256 e56120e2a0b9a9d0002402ecb42a54805e63e21cbe7e2774c546f78bc75da45d
SHA512 6e426d390b4311df2b86127cdc16cca2c15fa4d6593e5ce93f37b5bee091508762e93b9c98a593932331a076ba05c30c6326dfb8d3ed67a8c28ad45a11c5357a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 64b4bc03f09a72f256fa91fd20e751c4
SHA1 76a0aa1dbb871ada060b4cf357c5f5192cd0de45
SHA256 719ad4ad019097a96ffdc6e3516dd7c9ffcb2c0ca4d0fcc1ac5cccdc2cc2ef09
SHA512 9528d4ee00bdd3b12a54e37853d4397f0e61ceca2c4f883ee59499c4dc18898c0b15472a2e8de73cc39266e187efe94897c2cf8deedac81f3f298ab62faf5eb4