Malware Analysis Report

2025-01-02 05:16

Sample ID 231111-f4ve7sbd9v
Target c461a6c13fbba7d761e9151b6eb589d2.exe
SHA256 e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80

Threat Level: Known bad

The file c461a6c13fbba7d761e9151b6eb589d2.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

RedLine payload

Mystic

Detect Mystic stealer payload

RedLine

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

AutoIT Executable

Detected potential entity reuse from brand paypal.

Suspicious use of SetThreadContext

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 05:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 05:26

Reported

2023-11-11 05:29

Platform

win10v2004-20231025-en

Max time kernel

150s

Max time network

170s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c461a6c13fbba7d761e9151b6eb589d2.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\c461a6c13fbba7d761e9151b6eb589d2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3916 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\c461a6c13fbba7d761e9151b6eb589d2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe
PID 3916 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\c461a6c13fbba7d761e9151b6eb589d2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe
PID 3916 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\c461a6c13fbba7d761e9151b6eb589d2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe
PID 2948 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe
PID 2948 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe
PID 2948 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe
PID 2368 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe
PID 2368 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe
PID 2368 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe
PID 2756 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 3644 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 3644 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4872 wrote to memory of 2432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4872 wrote to memory of 2432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3644 wrote to memory of 1532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3644 wrote to memory of 1532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3712 wrote to memory of 2840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3712 wrote to memory of 2840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5084 wrote to memory of 644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 4288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 4288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1508 wrote to memory of 1556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1508 wrote to memory of 1556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2756 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 4404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 4404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe
PID 2368 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe
PID 2368 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe
PID 2972 wrote to memory of 5752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 5752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 5752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 5752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 5752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 5752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 5752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 5752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 5752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 5752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 5752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2972 wrote to memory of 5752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c461a6c13fbba7d761e9151b6eb589d2.exe

"C:\Users\Admin\AppData\Local\Temp\c461a6c13fbba7d761e9151b6eb589d2.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff881c446f8,0x7ff881c44708,0x7ff881c44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x7ff881c446f8,0x7ff881c44708,0x7ff881c44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff881c446f8,0x7ff881c44708,0x7ff881c44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff881c446f8,0x7ff881c44708,0x7ff881c44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff881c446f8,0x7ff881c44708,0x7ff881c44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff881c446f8,0x7ff881c44708,0x7ff881c44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff881c446f8,0x7ff881c44708,0x7ff881c44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff881c446f8,0x7ff881c44708,0x7ff881c44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff881c446f8,0x7ff881c44708,0x7ff881c44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff881c446f8,0x7ff881c44708,0x7ff881c44718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5533037726299113487,12440914022379011274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11713436127582088005,10742565629467735698,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3037925166235044527,5330918988080227142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3037925166235044527,5330918988080227142,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9551279834146661244,16681442723227996233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9551279834146661244,16681442723227996233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5533037726299113487,12440914022379011274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,8016374487096556678,13405991228879693665,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,7205884964469271608,9627845434142959491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3450269903452809318,9118939957785493142,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,5492727330226316352,13345495824249465122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,8016374487096556678,13405991228879693665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,11713436127582088005,10742565629467735698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5492727330226316352,13345495824249465122,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,7205884964469271608,9627845434142959491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3450269903452809318,9118939957785493142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16951496220558251352,5208772930686773320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16951496220558251352,5208772930686773320,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MJ25nP.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MJ25nP.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7332 -ip 7332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8100 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8100 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Ma590.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Ma590.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,6971006870948982589,11520099910980073414,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7740 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 steamcommunity.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 www.paypal.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 104.244.42.1:443 twitter.com tcp
US 104.244.42.1:443 twitter.com tcp
US 184.72.173.149:443 www.epicgames.com tcp
US 184.72.173.149:443 www.epicgames.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 1.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 149.173.72.184.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 112.208.253.8.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 93.184.220.70:443 pbs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 68.232.34.217:443 video.twimg.com tcp
US 104.244.42.197:443 t.co tcp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.23.214:443 i.ytimg.com tcp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 104.244.42.66:443 api.twitter.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 104.21.53.57:80 killredls.pw tcp
US 157.240.5.35:443 fbcdn.net tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 fbsbx.com udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
NL 142.250.179.141:443 accounts.google.com udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 192.55.233.1:443 tcp
US 104.21.53.57:80 killredls.pw tcp
US 192.55.233.1:443 tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
NL 142.250.179.163:443 www.recaptcha.net udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
RU 5.42.92.51:19057 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe

MD5 73c2ebb34df36e61fd19c654642cfe6b
SHA1 18b85d4374fdca675f4bd29692a005da58692ffe
SHA256 3741ec097aea79e32bd819ee58b12c0ad85002e836ac3631d1797ab51e655ff9
SHA512 0cdc5b710fffd2b9e53c7b653cfed462d21f7b5a185388804b72b1ae4cc64980284e7d8fa7d49c14872e3aed3cf639887a3270cf0072f08fa4650f14bc113f47

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe

MD5 73c2ebb34df36e61fd19c654642cfe6b
SHA1 18b85d4374fdca675f4bd29692a005da58692ffe
SHA256 3741ec097aea79e32bd819ee58b12c0ad85002e836ac3631d1797ab51e655ff9
SHA512 0cdc5b710fffd2b9e53c7b653cfed462d21f7b5a185388804b72b1ae4cc64980284e7d8fa7d49c14872e3aed3cf639887a3270cf0072f08fa4650f14bc113f47

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe

MD5 ee5a3bda6aa5b07219ea2db663a1019b
SHA1 19a0368167b23739863da06b89f3dd56ce4a7f71
SHA256 c94180f824f108206b039ac6f43279af3afd8c1dbf92aa665c1259a2e88e5ad4
SHA512 f53fe3fa79829e927c6bcb95093e4c4c466fdc7bb3caf2cecf493d93e8fa769866c21ac639580a681619d654f8335fa8cf829377d62243be992bdd1cc7f370db

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe

MD5 ee5a3bda6aa5b07219ea2db663a1019b
SHA1 19a0368167b23739863da06b89f3dd56ce4a7f71
SHA256 c94180f824f108206b039ac6f43279af3afd8c1dbf92aa665c1259a2e88e5ad4
SHA512 f53fe3fa79829e927c6bcb95093e4c4c466fdc7bb3caf2cecf493d93e8fa769866c21ac639580a681619d654f8335fa8cf829377d62243be992bdd1cc7f370db

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe

MD5 4c8a590f38952df00263b502601581af
SHA1 da91394214298bf392ad0fd4ca6d325e7e920d42
SHA256 f5faa92aac63c6b9777cfe4204a92c326665d30aa8312b4310a42145a8acc1c6
SHA512 3bd80ec855cdd0aee201a91891e00d0e43a1ed7c7cba9b9ebfd0362b87b20c3a580f3ad54d07af8575587d2ce7af502a893a08d43fc042e0b0a677c6b017fd6d

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe

MD5 4c8a590f38952df00263b502601581af
SHA1 da91394214298bf392ad0fd4ca6d325e7e920d42
SHA256 f5faa92aac63c6b9777cfe4204a92c326665d30aa8312b4310a42145a8acc1c6
SHA512 3bd80ec855cdd0aee201a91891e00d0e43a1ed7c7cba9b9ebfd0362b87b20c3a580f3ad54d07af8575587d2ce7af502a893a08d43fc042e0b0a677c6b017fd6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe

MD5 b3ce354edb895bb87b53a344bca9c915
SHA1 64d64820920298bfe5d37a13de1976b1767aea24
SHA256 099c4386f5ae6860e0426cf85b3320e110de83d6b4a523b39ad45235cc5c3f77
SHA512 0ca3371dd3b1852138ba625f5451972b0f5c6ade805ec4f686aea8312c5c182424b533a2eaa1f43619f1037ce5831c9d777c9d14769e94d7cabb66bb0a0b0e62

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe

MD5 b3ce354edb895bb87b53a344bca9c915
SHA1 64d64820920298bfe5d37a13de1976b1767aea24
SHA256 099c4386f5ae6860e0426cf85b3320e110de83d6b4a523b39ad45235cc5c3f77
SHA512 0ca3371dd3b1852138ba625f5451972b0f5c6ade805ec4f686aea8312c5c182424b533a2eaa1f43619f1037ce5831c9d777c9d14769e94d7cabb66bb0a0b0e62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_2972_TAIUPXTVYKRRSVDY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3988_BLVTJPSFOWRPKMAK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2528_ZWXHCIJKDOUERIFE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3712_UYSUDHEFVQNSHPUQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_5084_TLHCLNAIDUUSFHEW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1508_QUHUMBHXKNUDAXDI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4872_RUUCIMVVCDPLTLSV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_1208_GJFGSFBLKRZHRTVR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3644_PWRIGXBJNGWEJVKH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dfed2dad57e10cda4239a9beada3fe35
SHA1 9b42c45783c294e11eaa34dab48ca1bec262722a
SHA256 9d840f52024623263ec0f163be1020bb7bb33a1fa8354b5997e23eccd7c2a620
SHA512 4141dff5d02d7ea575d1d4af3c6b89ad3f540619bd617889bcb4ce15b18c97e2482939724c7dadb9a337a1986389d7d8b79d634bf06855831dbef1dc584ffc1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dfed2dad57e10cda4239a9beada3fe35
SHA1 9b42c45783c294e11eaa34dab48ca1bec262722a
SHA256 9d840f52024623263ec0f163be1020bb7bb33a1fa8354b5997e23eccd7c2a620
SHA512 4141dff5d02d7ea575d1d4af3c6b89ad3f540619bd617889bcb4ce15b18c97e2482939724c7dadb9a337a1986389d7d8b79d634bf06855831dbef1dc584ffc1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8335885d-67e9-4cd6-adf7-f9d9e72cfefe.tmp

MD5 bef6c7ae204af29d55cc9f2934d97b97
SHA1 4002f046325bec56d413644f6358d5d43e6eda04
SHA256 7e0062617004a4767a9fe112cf3cc79073b977c713a1cb9babda9f6b02d76a37
SHA512 b8c81ae5422825d3c4722f272ea63eba1a776d0a9d75ff3e9b05e33b49cec83fd18d1757d0a9549cc33df3fb0fb325641d8d8d590e5576705eb5cfaa81bea2bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0b8991df-f868-4cc0-9ccf-79335b45523b.tmp

MD5 f2df9dc884badf23791416e2323530c7
SHA1 ce9a3bc50d26012cc8ed7af1754fbb42c116cb24
SHA256 92d675621097d25f85139b061bd24c3fa4d6760d58f7acb5a6ee0fa8becd2382
SHA512 d7d4d45a9680d774d74dcf04cdfe2e1f36dfad8437166de59c7cf2b1802d8f433882c407acdbd2ef938ff57cb27917ac2842525b980ff75411fdd5537165017a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5860466600fecf1911fd60f4c0200d65
SHA1 5c3c779b7b067e99018f1d09c09db10768dbec6c
SHA256 5e45aca1abe2575d54085556e7aac53200580bebc08a52ba6996922ecd33d45a
SHA512 7a1af26c0d94abc40c17288b2e8cc0a95041c81c9a42f5f5190ce9b4bb66c2eb30f9e3e391db95d3223abb9818978f800b4439c08275fac4b67ef5c0a40210a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c46c098b-5dcf-46d1-acf6-8801272ef0ec.tmp

MD5 f0c6cf8902a6951e37d5e1fb1c60fe0a
SHA1 db9bd8b8878c386a971a68be68ffd5285a89e60e
SHA256 3257f5b9ed9a600bb839dc59ee06b250bbf651c1909515737f7a034e06ba130c
SHA512 24f08c32771be3dc1a76ff7c6ec3ace146a0c24cdc77fca1ef715653e80844b573447f0c053008e8ceb82961bd0392459846f785e9c7ea32c0de1cf441fa8897

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\670d0624-7486-4add-ae3e-939add29a0fd.tmp

MD5 cfde62ced294cb1a1aefd34074c3de5f
SHA1 986524171f2f412e81e5be3191f10e9d159a273e
SHA256 f15a877ec7b993d0c1deafc71e930a95deb1050ad35171ecf07aaf5a21c52e18
SHA512 09603595dafec9c3a1aba9cf87b78ce246ff384ba8ef023c131c7bc3fd9b0d78d016594fe2f22e608b0a4efbacdc332798db4facd55af4b90188d5ff8f267406

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5860466600fecf1911fd60f4c0200d65
SHA1 5c3c779b7b067e99018f1d09c09db10768dbec6c
SHA256 5e45aca1abe2575d54085556e7aac53200580bebc08a52ba6996922ecd33d45a
SHA512 7a1af26c0d94abc40c17288b2e8cc0a95041c81c9a42f5f5190ce9b4bb66c2eb30f9e3e391db95d3223abb9818978f800b4439c08275fac4b67ef5c0a40210a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e8b0bc179a8c3ce35a8d02bd995e79e8
SHA1 5c323b8900f928f75d7a8edc95d98daeb0434deb
SHA256 5a189340f4fed07d68e21a14083d6fe738b43513016b9415e456f6021aca0a0e
SHA512 8b6ea814131831edcd560e013159bc56e12f7476ae236cf77fac32c32391a5fc63c799eacbc2b14eeaa8ddb5b98175a86c64a5d52e8c9d959b8fcf175143695a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bef6c7ae204af29d55cc9f2934d97b97
SHA1 4002f046325bec56d413644f6358d5d43e6eda04
SHA256 7e0062617004a4767a9fe112cf3cc79073b977c713a1cb9babda9f6b02d76a37
SHA512 b8c81ae5422825d3c4722f272ea63eba1a776d0a9d75ff3e9b05e33b49cec83fd18d1757d0a9549cc33df3fb0fb325641d8d8d590e5576705eb5cfaa81bea2bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e8b0bc179a8c3ce35a8d02bd995e79e8
SHA1 5c323b8900f928f75d7a8edc95d98daeb0434deb
SHA256 5a189340f4fed07d68e21a14083d6fe738b43513016b9415e456f6021aca0a0e
SHA512 8b6ea814131831edcd560e013159bc56e12f7476ae236cf77fac32c32391a5fc63c799eacbc2b14eeaa8ddb5b98175a86c64a5d52e8c9d959b8fcf175143695a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\abd59dc1-d8f5-4398-94c0-cdeb2ec88236.tmp

MD5 175e3ea70224bc90bd481313884fac0a
SHA1 0dc0427f9fc84347027e2c11b2db3e3d13196f22
SHA256 4178779dd9f6a82a0ba822e8bb92729702d0b40d215f79878b4fb20dadcc6144
SHA512 c738720a373363e878429246f44d7d42b3a7d79fe0ffe7b332b83b5daeba503a00cdbe486a493e722635fc675b6e6b9d49da573880f9b3794a0d9f9faebb58fb

memory/7332-267-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5860466600fecf1911fd60f4c0200d65
SHA1 5c3c779b7b067e99018f1d09c09db10768dbec6c
SHA256 5e45aca1abe2575d54085556e7aac53200580bebc08a52ba6996922ecd33d45a
SHA512 7a1af26c0d94abc40c17288b2e8cc0a95041c81c9a42f5f5190ce9b4bb66c2eb30f9e3e391db95d3223abb9818978f800b4439c08275fac4b67ef5c0a40210a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6c3528a1-f219-4334-b276-108cd0bfd39c.tmp

MD5 d6dbb1e4dfa863a6b89cf3ca9a16a56a
SHA1 4353aa9a3b4ed5c0f097b59ebd96b6a2519428e5
SHA256 5bfe55725b97f7075c01c22586829316f508ec298d297d768149f7a6455549bc
SHA512 b40eb3c3bc578bddce2dc4a269910e890573fb4832fdeb13fb39bcc63dbc6dcef4ec950c60b89328dd8198184b070e354db329b4f2fe95cee2794568ee11d031

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f0c6cf8902a6951e37d5e1fb1c60fe0a
SHA1 db9bd8b8878c386a971a68be68ffd5285a89e60e
SHA256 3257f5b9ed9a600bb839dc59ee06b250bbf651c1909515737f7a034e06ba130c
SHA512 24f08c32771be3dc1a76ff7c6ec3ace146a0c24cdc77fca1ef715653e80844b573447f0c053008e8ceb82961bd0392459846f785e9c7ea32c0de1cf441fa8897

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dfed2dad57e10cda4239a9beada3fe35
SHA1 9b42c45783c294e11eaa34dab48ca1bec262722a
SHA256 9d840f52024623263ec0f163be1020bb7bb33a1fa8354b5997e23eccd7c2a620
SHA512 4141dff5d02d7ea575d1d4af3c6b89ad3f540619bd617889bcb4ce15b18c97e2482939724c7dadb9a337a1986389d7d8b79d634bf06855831dbef1dc584ffc1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfde62ced294cb1a1aefd34074c3de5f
SHA1 986524171f2f412e81e5be3191f10e9d159a273e
SHA256 f15a877ec7b993d0c1deafc71e930a95deb1050ad35171ecf07aaf5a21c52e18
SHA512 09603595dafec9c3a1aba9cf87b78ce246ff384ba8ef023c131c7bc3fd9b0d78d016594fe2f22e608b0a4efbacdc332798db4facd55af4b90188d5ff8f267406

memory/7332-294-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7332-315-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e8b0bc179a8c3ce35a8d02bd995e79e8
SHA1 5c323b8900f928f75d7a8edc95d98daeb0434deb
SHA256 5a189340f4fed07d68e21a14083d6fe738b43513016b9415e456f6021aca0a0e
SHA512 8b6ea814131831edcd560e013159bc56e12f7476ae236cf77fac32c32391a5fc63c799eacbc2b14eeaa8ddb5b98175a86c64a5d52e8c9d959b8fcf175143695a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f2df9dc884badf23791416e2323530c7
SHA1 ce9a3bc50d26012cc8ed7af1754fbb42c116cb24
SHA256 92d675621097d25f85139b061bd24c3fa4d6760d58f7acb5a6ee0fa8becd2382
SHA512 d7d4d45a9680d774d74dcf04cdfe2e1f36dfad8437166de59c7cf2b1802d8f433882c407acdbd2ef938ff57cb27917ac2842525b980ff75411fdd5537165017a

memory/7332-295-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7613142c15e5798641d867673939ec39
SHA1 492bb1fe07ac0586ebacd626446546eea91dca0e
SHA256 bb748f0981ecd6f7503f891b08623d659e98222702c0bf3d0e102f0530a19ac6
SHA512 e0c48aa6989a15d2c983d40e26af5d7ad62b9d8f6d27b43390fecb6c20548d0f98f6c4a630fdeb9f26b0b4425629400d7f55a7c9c87d7deffbfc493193b950e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7d1d29f9681e6c80e5c303467d4023db
SHA1 14e92995a2fa5fa3027fd10de1ce38d6cd1dffdc
SHA256 6035fe8c7b8f0eae208a47fa7d89b38d0f27cfbd71819e6cc320a6a47cea6b5c
SHA512 ddfdfe3398867b7366eff991a6d6ee243401c025fcce71b8f4a88aab6055549b178ffc0f0b1dc701afce59ab49d495f7f63838739327eb44797424a4b2b93aa7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ce6013cd161384c71e05506d397685d
SHA1 aba7104a72da2a2c61a646c53f9ce8a65b553fb1
SHA256 883c6ef6ab4b6e1468597f6ac2fb0630ab789cd65c5f61f6f6826b731c6f37df
SHA512 2ac2e4a602ce13b949262fc3aa5af62f8500dbb0ca46dcc55791c1bd795b29645e087fac050086523b09ef572fcf02373836961b5dabc698bbcdb8b9d7bc91a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 10b4b84a044c0a0a833a677aae35c7e8
SHA1 39389685e71bf548423d6c29047e091c49e00ea9
SHA256 4ae7cf94c570b343f40cffeacbeb39b04ad0243a0a1c2aa1a969835228a51097
SHA512 ba29b8d674452e77ed54f441142d32d2d9b3dbec1f4f7f7baab2a8d8f2413381d1f28f4f1e6ee0ad6285252634a5c6d825a06f9b6bbb33d470c77688c36e4899

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

memory/8400-451-0x0000000000400000-0x000000000043C000-memory.dmp

memory/8232-508-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d155.TMP

MD5 ce9f217ab36fb8d1edc104128a4e209f
SHA1 24b95ee9d72e9decbdbc17a01ec9f66cc0407d8a
SHA256 ba05114d5a82be2d3db3087e50a28001bde24a48ae8f49eb4a8033ca9c851afe
SHA512 3991734a853a31be3d852ccabfb9a3be9ee1f534e733ec51c37e4fd0748f307938ccb386159ae1844b142e8d6a7acc3a8be40c57d5229acc4346ff21564e9033

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 37c40c53770d5a503d9c8755312e8422
SHA1 3d9e66132ecf4a3fd4ac1ead412368f128b05fe0
SHA256 e6a42375c6bf1ffdd4dac6d3cf9dab2f1a6b3f498c036e0d84e98fe43ce85e82
SHA512 e53c179a50480af5a6bb5984dcf47dc4ed491187cd003a24467d27f4e9c3dc17ce696a7073881bea93ba33e36482f59bcf1eda082a689ad290826a25b109b048

memory/8232-534-0x0000000000400000-0x0000000000488000-memory.dmp

memory/8232-547-0x0000000000400000-0x0000000000488000-memory.dmp

memory/8232-549-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

memory/8400-607-0x00000000743B0000-0x0000000074B60000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

memory/8400-629-0x0000000008020000-0x00000000085C4000-memory.dmp

memory/8400-637-0x0000000007B50000-0x0000000007BE2000-memory.dmp

memory/8400-645-0x0000000007AF0000-0x0000000007B00000-memory.dmp

memory/8400-646-0x0000000007C30000-0x0000000007C3A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7165425aa9a7c7fc2a7eddfe22425621
SHA1 7df6615de4230bc6b5bc813a95b1e99d0cd5650f
SHA256 4c5f9521be955efec0cea5ec45a23090f63edbe71761e1c570180d8e2b2b6432
SHA512 ba8b299dd24ec2d4a01fd5f4a905579b65f0a320338bbed0266a083f8519ce4e83938834805f7ebfb1fea0c59522c2f305e032727c039787e0af80f622b9deca

memory/8400-688-0x0000000008BF0000-0x0000000009208000-memory.dmp

memory/8400-689-0x0000000007ED0000-0x0000000007FDA000-memory.dmp

memory/8400-690-0x0000000007E00000-0x0000000007E12000-memory.dmp

memory/8400-697-0x0000000007E60000-0x0000000007E9C000-memory.dmp

memory/8400-703-0x00000000085D0000-0x000000000861C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d870ca7446faf8dbccc80fb4f6dcdf13
SHA1 bbd7656afcca5067da0a0256c7053a7d4582f29d
SHA256 2ab9bce09ef614933cab3f2e5e215cffd069ba34a3c6d280eecd3a2b2c7071d9
SHA512 654a8290f2cad1bd4b0ef0689acb210fd980b964748008d5f736bfd14f08ee52dddbaad157ae10baf4fc81daac0876e26ce5e0dd1bebdc8dc04ee91737a88c28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/8400-833-0x00000000743B0000-0x0000000074B60000-memory.dmp

memory/8400-836-0x0000000007AF0000-0x0000000007B00000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 761a8c786a983f8cae29a9308085b2cc
SHA1 a73ecfeb5bef6b713850f9d1eae71b8e164677b3
SHA256 6af980e655840b4e64270ae80d427c04061d022c331c9b2131ab31189e9a4880
SHA512 2e078a77a3af0a00941fe4a07147eb5c04e6803317cf4cf603c6bca7a4fc94988cd7494e93d293f2e31595c12f8b1ba6ea9d3ee6503e6a4b09d68ddbec697430

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5979ba.TMP

MD5 af9de8682fcee403026e14bfe7e7a16d
SHA1 4d4c44fbad1932e0b11f8b3a0f06e69f20195142
SHA256 48d6c4254772e8a8026235c68013ed033e05446eb19191cec621c82efa36ac8b
SHA512 403e962f20fc5f2eb6f5a6e52f9e3a967a41fbaff5d8e11f10124b5b4296c270e8b0502f84e28818ae0d263956b1c49bf3db9fbb2663a647e18f6d0c93bc2360

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 222ae35befb482eade79480efe275e91
SHA1 669f17427e1a025290592d8a140804671ea1f6c1
SHA256 ffa2017b07e044f5fc153883cadc7125608db9a8f265cdd5df0509f8ed196dae
SHA512 5ae7279f27e6e7338a6e6fa24a31808e39d2148aee244d4e7bbb999d50c1cb92f87ffc2a71742a21cc483da747da5fa5fd3c0eafda47888fa00f6eb162c9281a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9fdad5d60d25692cac45fe959ce67cd9
SHA1 6a095eabea4491c7c3c1eced7fe41531913b2e7d
SHA256 76ebc7501f376838de6fbd946dbea5eb3c8373c568258bd4d849163ec5027775
SHA512 3d4b52e57f23c9a89d5e5294d404ab5320251b946c5ddb271b8fe318724b4d7e4fed077f877bb75d30df9956b5fd628f951973e33539dcac1cef5315203ee80f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6ad449ef7cefb7f6c77a544d2613fb29
SHA1 58fb2adbd6b6368b1e602e7c2ae3a2a322785b37
SHA256 1ac64b12339b5b22f36424d0e4702aca0ce46fcd06ae5fda46cbd10a38623897
SHA512 1057755730bb04b24298f95e3d78e648a2df1fefc70ac059227b92835009b38356579dbac207bef6cddf554043dacade51e11c7c950009597a48946ec18fa37b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 3e723ea704e7117181e3d4ba8a6e6cf0
SHA1 5476c157c101cc46145a856272d624e97e9c09ec
SHA256 0a5d93d7386884459bd9df12833345d5e0a1ec6870a9328b20fcdf475da3bd68
SHA512 c983d476aa8809d76c3b08284b1d1a0b73568b8502ba1dbecaee49f4d310414a6cf6d89be441ddff753bd90ce89f4013206c7ab21c816f93f3f4a911e7c73635

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a6275e56-9a44-47e5-a39a-9ed34601ea70\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fc86c0069330517044f56da05e6e3670
SHA1 99bbd6cfb3a1e87f94d80e2337985dabe676ac1b
SHA256 3bd90ef504e039b26f49d11b3249bc10cfffd654962048fd7c3a36878800caa4
SHA512 530e0c6922b8afacf69411f46b9d38c929a1f758ded91724bf35ba4dc7ba1e14de7c7b745622b552943866c15a0a3ed5548cbdda59287649e909372d615629f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ac6e3eab2f40c73bf93187c9e3498e2c
SHA1 89347e31737d279be8014201cc1db7c8bce7a544
SHA256 a859f0a3e36325536359d80d30505046e2985b62dcdd64d076da48fe8ceaefb6
SHA512 70273a90993cefd03f5d110b0ec5ed73fc65ab14be80d8aeed04c609bcee5aad24428aa592359ceb4ded03a71119d36a231f3568d0850d164b0078afc35239cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e96827576e14d41c9e203b43d567af6a
SHA1 4c4e5853146fb55f8418ec296fd3caa19cea82db
SHA256 3c81a8686d607c0a16a064c97927704de77f91bf3c792fa37f7ff3255a220cb5
SHA512 0cfda6b1be24ee79eda045b0878e34601d9de79dc017dae8677122c163d8fb0ff9c3cf252162342afd2f7eb6ef4cd17f0721eba7756c90bada44e941fc26ce70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e09f65045df6b100764fe87121d9ca25
SHA1 6524bdc1fa4a982ae4823cdbd6584ec20b912a6c
SHA256 a179e73ed2f05e089b2da10041b94470200fe63efe20fb07e42b75a9a90a0b3d
SHA512 2fa571c0cfa35d101ac416fbf1a27092da5bc685f659ff799c24e6186662d9cfb60c12be70d70e2c8fe632e548fe07a46ca04eef6941d29f924b6de280291588