Malware Analysis Report

2025-01-02 05:15

Sample ID 231111-f29gcace54
Target b41936fae15a96825c68c8674862aedad245cf2495cbc6b1e01e66ae2cbd09c6
SHA256 b41936fae15a96825c68c8674862aedad245cf2495cbc6b1e01e66ae2cbd09c6
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Analysis Overview

score
10/10

SHA256

b41936fae15a96825c68c8674862aedad245cf2495cbc6b1e01e66ae2cbd09c6

Threat Level: Known bad

The file b41936fae15a96825c68c8674862aedad245cf2495cbc6b1e01e66ae2cbd09c6 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

RedLine payload

Mystic

Detect Mystic stealer payload

RedLine

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Detected potential entity reuse from brand paypal.

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 05:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 05:23

Reported

2023-11-11 05:26

Platform

win10v2004-20231020-en

Max time kernel

161s

Max time network

182s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b41936fae15a96825c68c8674862aedad245cf2495cbc6b1e01e66ae2cbd09c6.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\b41936fae15a96825c68c8674862aedad245cf2495cbc6b1e01e66ae2cbd09c6.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vg1JN04.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1396 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\b41936fae15a96825c68c8674862aedad245cf2495cbc6b1e01e66ae2cbd09c6.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vg1JN04.exe
PID 4628 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vg1JN04.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe
PID 4888 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5028 wrote to memory of 660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4888 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4888 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1676 wrote to memory of 3604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4888 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3548 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4888 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 3084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4888 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4888 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2060 wrote to memory of 4880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4888 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4004 wrote to memory of 3496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4888 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2308 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5028 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b41936fae15a96825c68c8674862aedad245cf2495cbc6b1e01e66ae2cbd09c6.exe

"C:\Users\Admin\AppData\Local\Temp\b41936fae15a96825c68c8674862aedad245cf2495cbc6b1e01e66ae2cbd09c6.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vg1JN04.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vg1JN04.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffa89c546f8,0x7ffa89c54708,0x7ffa89c54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa89c546f8,0x7ffa89c54708,0x7ffa89c54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa89c546f8,0x7ffa89c54708,0x7ffa89c54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa89c546f8,0x7ffa89c54708,0x7ffa89c54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa89c546f8,0x7ffa89c54708,0x7ffa89c54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa89c546f8,0x7ffa89c54708,0x7ffa89c54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa89c546f8,0x7ffa89c54708,0x7ffa89c54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa89c546f8,0x7ffa89c54708,0x7ffa89c54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa89c546f8,0x7ffa89c54708,0x7ffa89c54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,5666344054495927936,8948776318204407268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5666344054495927936,8948776318204407268,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14490183171199901200,9296277537736277653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14490183171199901200,9296277537736277653,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,1293334415319194895,11285567967199903657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,1293334415319194895,11285567967199903657,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa89c546f8,0x7ffa89c54708,0x7ffa89c54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1211903238679398860,9222988959660024583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,414936591408756141,11887817579738175208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,7363810015359170843,17922186343488698534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,3163452042829644908,14011905701422489657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2pC8422.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2pC8422.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7768 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3yu63jV.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3yu63jV.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 7912 -ip 7912

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1780,9527463963892963241,10715205832890207139,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8316 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vg1JN04.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Tv96Hq2.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_5028_XAZHIJJASLMWRWEP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_1676_IFUKEASUQVQTIKDR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4816_OOVMEMHQJZLZRALB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_4752_RWGJNSNKAVECJNKK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\513fc439-ede0-428c-92e0-d05b540daa6b.tmp

MD5 93e322643b23df1553b85acd5af820e3
SHA1 d9339719907b6ae2eb46fdc005544513d80db540
SHA256 9c5df28efa6dcc19b5c4f0496db4786ede57790d6583a9f8d64d651b8e4f65e3
SHA512 3699756dc23cd5c3345d89cea89abf90e54e267eacce66b95a06aa6aa4676debc9d24edcd7289d6dc8ad137eaba598f094a4c27a4d48a4a07b5200820fe319f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 34581af335ed71bc808877f26631a38b
SHA1 d25bb128f84b97e97282f9516ec6271feed0817a
SHA256 60ce875f3867303e0a101159d1adf159d97f6ed0092a25b61bb4babd9604b86f
SHA512 7327fcdc7c333ce040edcb3ceb10f2f2922101823897dafcb456ce76f1be23cb199063675806221678aeff49f640fb697094b809c6d01dc50cac859edf320f66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1af04eef21f49a661af97c7b686abdb1
SHA1 647f4edb04ffc7ecd970597da1f1eb5aaf548487
SHA256 ebf1d20a55d4bc5dc8d4d3683bf7b9c13fecf2dd4c0fc7003abdd249bba94d3d
SHA512 7f9acf9c694ae232bb5ccc7474f30146094e66312ad539ca4c14db55c393025817dbdb7ef2daf02f3459efe2a941285cba644ba83a174ce101bf335c5cc60d24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 93e322643b23df1553b85acd5af820e3
SHA1 d9339719907b6ae2eb46fdc005544513d80db540
SHA256 9c5df28efa6dcc19b5c4f0496db4786ede57790d6583a9f8d64d651b8e4f65e3
SHA512 3699756dc23cd5c3345d89cea89abf90e54e267eacce66b95a06aa6aa4676debc9d24edcd7289d6dc8ad137eaba598f094a4c27a4d48a4a07b5200820fe319f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a2ec3565d72fcd996308364b2dc43925
SHA1 47b466795160dbc136a1e9cd18daca61f6c81d43
SHA256 31dca82d3aed6c853240338afac5dbbe05d4bd683e5169beede1c8a63bb90911
SHA512 4cd492cf7cac324e0b20b2984a8ad90c38b07104fbc053538d9f5f52dd2cbbfe80309c70b77842eed9601b8497010ac3b85d768aebea3eaf9ddd56f09b65a773

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9fc3895877baa0099cefd37cfcc887f4
SHA1 86fdf132743682e450987ff7cb94a97298de6416
SHA256 9ae209d91c8c070f83710cf6f7eaeb41b4b8ba142d0779808c00313406ac83e7
SHA512 484712828668d7474f07560100369dadb5b1b02f6cba72670df0113b64ea58927908ad96839dbd13d0059f180f2bdc58283b0328a10609e33f929db0dcab712d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2cf7e421-10d2-4e48-830b-f31fd605aaa8.tmp

MD5 34581af335ed71bc808877f26631a38b
SHA1 d25bb128f84b97e97282f9516ec6271feed0817a
SHA256 60ce875f3867303e0a101159d1adf159d97f6ed0092a25b61bb4babd9604b86f
SHA512 7327fcdc7c333ce040edcb3ceb10f2f2922101823897dafcb456ce76f1be23cb199063675806221678aeff49f640fb697094b809c6d01dc50cac859edf320f66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9fc3895877baa0099cefd37cfcc887f4
SHA1 86fdf132743682e450987ff7cb94a97298de6416
SHA256 9ae209d91c8c070f83710cf6f7eaeb41b4b8ba142d0779808c00313406ac83e7
SHA512 484712828668d7474f07560100369dadb5b1b02f6cba72670df0113b64ea58927908ad96839dbd13d0059f180f2bdc58283b0328a10609e33f929db0dcab712d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a2ec3565d72fcd996308364b2dc43925
SHA1 47b466795160dbc136a1e9cd18daca61f6c81d43
SHA256 31dca82d3aed6c853240338afac5dbbe05d4bd683e5169beede1c8a63bb90911
SHA512 4cd492cf7cac324e0b20b2984a8ad90c38b07104fbc053538d9f5f52dd2cbbfe80309c70b77842eed9601b8497010ac3b85d768aebea3eaf9ddd56f09b65a773

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1af04eef21f49a661af97c7b686abdb1
SHA1 647f4edb04ffc7ecd970597da1f1eb5aaf548487
SHA256 ebf1d20a55d4bc5dc8d4d3683bf7b9c13fecf2dd4c0fc7003abdd249bba94d3d
SHA512 7f9acf9c694ae232bb5ccc7474f30146094e66312ad539ca4c14db55c393025817dbdb7ef2daf02f3459efe2a941285cba644ba83a174ce101bf335c5cc60d24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 93e322643b23df1553b85acd5af820e3
SHA1 d9339719907b6ae2eb46fdc005544513d80db540
SHA256 9c5df28efa6dcc19b5c4f0496db4786ede57790d6583a9f8d64d651b8e4f65e3
SHA512 3699756dc23cd5c3345d89cea89abf90e54e267eacce66b95a06aa6aa4676debc9d24edcd7289d6dc8ad137eaba598f094a4c27a4d48a4a07b5200820fe319f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f84d61398e3f292f432e1080e4e65e48
SHA1 d8e04c9ca8a856e53d0ad48818ad8dcf582942bb
SHA256 a276e77b92e92a433d40b1ad8b288bb3d776f87c66deb665517aafd13ba23c35
SHA512 a7a794ffa00bc77f7885b69ae5e3652a99ae37b43405368764efb0bfd47464b4c1be2ac0dafc19b37f2969df05434984a28a39c0528a2e7bb729614e135bcf9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e30f154c8ba2ba030a774844a2bf1095
SHA1 d7404c79fb7e9dae9438e5e7d4c6c5cb42131d7c
SHA256 6de3221b6894a2d6ef342416617a5d985847aee0bce4941f29148a3050e60b47
SHA512 f639e5f3667e25994996ed3d6dfa3475e7dc4b8a3601d04dc64ad394d1e0b4740379cc98661eb6283cc049c02e295232e325c09708347ee8a19439ba8461a783

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f84d61398e3f292f432e1080e4e65e48
SHA1 d8e04c9ca8a856e53d0ad48818ad8dcf582942bb
SHA256 a276e77b92e92a433d40b1ad8b288bb3d776f87c66deb665517aafd13ba23c35
SHA512 a7a794ffa00bc77f7885b69ae5e3652a99ae37b43405368764efb0bfd47464b4c1be2ac0dafc19b37f2969df05434984a28a39c0528a2e7bb729614e135bcf9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e30f154c8ba2ba030a774844a2bf1095
SHA1 d7404c79fb7e9dae9438e5e7d4c6c5cb42131d7c
SHA256 6de3221b6894a2d6ef342416617a5d985847aee0bce4941f29148a3050e60b47
SHA512 f639e5f3667e25994996ed3d6dfa3475e7dc4b8a3601d04dc64ad394d1e0b4740379cc98661eb6283cc049c02e295232e325c09708347ee8a19439ba8461a783

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 34581af335ed71bc808877f26631a38b
SHA1 d25bb128f84b97e97282f9516ec6271feed0817a
SHA256 60ce875f3867303e0a101159d1adf159d97f6ed0092a25b61bb4babd9604b86f
SHA512 7327fcdc7c333ce040edcb3ceb10f2f2922101823897dafcb456ce76f1be23cb199063675806221678aeff49f640fb697094b809c6d01dc50cac859edf320f66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9fc3895877baa0099cefd37cfcc887f4
SHA1 86fdf132743682e450987ff7cb94a97298de6416
SHA256 9ae209d91c8c070f83710cf6f7eaeb41b4b8ba142d0779808c00313406ac83e7
SHA512 484712828668d7474f07560100369dadb5b1b02f6cba72670df0113b64ea58927908ad96839dbd13d0059f180f2bdc58283b0328a10609e33f929db0dcab712d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a2ec3565d72fcd996308364b2dc43925
SHA1 47b466795160dbc136a1e9cd18daca61f6c81d43
SHA256 31dca82d3aed6c853240338afac5dbbe05d4bd683e5169beede1c8a63bb90911
SHA512 4cd492cf7cac324e0b20b2984a8ad90c38b07104fbc053538d9f5f52dd2cbbfe80309c70b77842eed9601b8497010ac3b85d768aebea3eaf9ddd56f09b65a773

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 312bda1d637aa5da6074f1e938e1ab1d
SHA1 91dc089d8de77d5622be44cd716c65bd6fa2a6df
SHA256 5897c7eaa43e2ae42a0a80641d4bed76e75f5b44578d1bf311d2b422a5b75b71
SHA512 c3794632aa9c1ac0cb6bd98a05ee42b79d5948fd53b12a18f0191608569bc76f1c96c2e1ccd67e0614cfcbb522f789d94a194e5ae3436951de711eefa724b3d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1af04eef21f49a661af97c7b686abdb1
SHA1 647f4edb04ffc7ecd970597da1f1eb5aaf548487
SHA256 ebf1d20a55d4bc5dc8d4d3683bf7b9c13fecf2dd4c0fc7003abdd249bba94d3d
SHA512 7f9acf9c694ae232bb5ccc7474f30146094e66312ad539ca4c14db55c393025817dbdb7ef2daf02f3459efe2a941285cba644ba83a174ce101bf335c5cc60d24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f84d61398e3f292f432e1080e4e65e48
SHA1 d8e04c9ca8a856e53d0ad48818ad8dcf582942bb
SHA256 a276e77b92e92a433d40b1ad8b288bb3d776f87c66deb665517aafd13ba23c35
SHA512 a7a794ffa00bc77f7885b69ae5e3652a99ae37b43405368764efb0bfd47464b4c1be2ac0dafc19b37f2969df05434984a28a39c0528a2e7bb729614e135bcf9f

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2pC8422.exe

MD5 889dc02b9911c773f47bddc35c07245f
SHA1 9a703c8dede29cd196ab67c9779038986bc4b725
SHA256 eb85e3aaebbcd6a42ca3b702ca665ac551fda2d39955989a76f942e275d6b850
SHA512 f67bbd9a445b69e74882b1059776906e30d0967f6ac56f6d80a0647726e50f0e44d1227923280c37eaab5c95694d1f561f4d88a45086242a2f622e01f4abe6c7

memory/7912-317-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7912-318-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7912-319-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7912-321-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8188-368-0x0000000000400000-0x000000000043C000-memory.dmp

memory/8188-373-0x00000000742B0000-0x0000000074A60000-memory.dmp

memory/8188-381-0x0000000008070000-0x0000000008614000-memory.dmp

memory/8188-382-0x0000000007BA0000-0x0000000007C32000-memory.dmp

memory/8188-383-0x0000000007D50000-0x0000000007D60000-memory.dmp

memory/8188-386-0x0000000007B70000-0x0000000007B7A000-memory.dmp

memory/8188-391-0x0000000008C40000-0x0000000009258000-memory.dmp

memory/8188-394-0x0000000007F50000-0x000000000805A000-memory.dmp

memory/8188-397-0x0000000007DE0000-0x0000000007DF2000-memory.dmp

memory/8188-403-0x0000000007E40000-0x0000000007E7C000-memory.dmp

memory/8188-406-0x0000000007E80000-0x0000000007ECC000-memory.dmp

memory/8188-683-0x00000000742B0000-0x0000000074A60000-memory.dmp

memory/8188-744-0x0000000007D50000-0x0000000007D60000-memory.dmp
