Malware Analysis Report

2025-01-02 05:17

Sample ID 231111-f7pzwscf48
Target 1a23f3282c9548f9d213928ed130ef80.exe
SHA256 7561f71993904d236e9867ddf0f8fb1d1c3420fb3aedaba38b6ac2b0c844ed44
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7561f71993904d236e9867ddf0f8fb1d1c3420fb3aedaba38b6ac2b0c844ed44

Threat Level: Known bad

The file 1a23f3282c9548f9d213928ed130ef80.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Mystic

RedLine payload

RedLine

Detect Mystic stealer payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

AutoIT Executable

Detected potential entity reuse from brand paypal.

Suspicious use of SetThreadContext

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 05:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 05:31

Reported

2023-11-11 05:34

Platform

win10v2004-20231025-en

Max time kernel

168s

Max time network

175s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a23f3282c9548f9d213928ed130ef80.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\1a23f3282c9548f9d213928ed130ef80.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Nm6ru85.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4640 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\1a23f3282c9548f9d213928ed130ef80.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Nm6ru85.exe
PID 4640 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\1a23f3282c9548f9d213928ed130ef80.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Nm6ru85.exe
PID 4640 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\1a23f3282c9548f9d213928ed130ef80.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Nm6ru85.exe
PID 4024 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Nm6ru85.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe
PID 4024 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Nm6ru85.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe
PID 4024 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Nm6ru85.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe
PID 680 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe
PID 680 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe
PID 680 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe
PID 4804 wrote to memory of 4104 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 4104 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4756 wrote to memory of 3388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4756 wrote to memory of 3388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3748 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3748 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 1096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 1096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4104 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4104 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 696 wrote to memory of 2084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 696 wrote to memory of 2084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4976 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4976 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 1628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 1628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 680 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Nf6BY9.exe
PID 680 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Nf6BY9.exe
PID 680 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Nf6BY9.exe
PID 3032 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1a23f3282c9548f9d213928ed130ef80.exe

"C:\Users\Admin\AppData\Local\Temp\1a23f3282c9548f9d213928ed130ef80.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Nm6ru85.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Nm6ru85.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b0846f8,0x7ff90b084708,0x7ff90b084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff90b0846f8,0x7ff90b084708,0x7ff90b084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ff90b0846f8,0x7ff90b084708,0x7ff90b084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b0846f8,0x7ff90b084708,0x7ff90b084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b0846f8,0x7ff90b084708,0x7ff90b084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b0846f8,0x7ff90b084708,0x7ff90b084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x188,0x18c,0x190,0x164,0x194,0x7ff90b0846f8,0x7ff90b084708,0x7ff90b084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b0846f8,0x7ff90b084708,0x7ff90b084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b0846f8,0x7ff90b084708,0x7ff90b084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff90b0846f8,0x7ff90b084708,0x7ff90b084718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Nf6BY9.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Nf6BY9.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16764338306305689441,16865675650481589945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16764338306305689441,16865675650481589945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11145876014913068113,4696985062058784756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11145876014913068113,4696985062058784756,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,8781171141811068,174762261641497794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,8781171141811068,174762261641497794,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,2174631408520495853,14559224210477645424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,2174631408520495853,14559224210477645424,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,5149130729026238539,16719298824065218679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5149130729026238539,16719298824065218679,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10294638542123726167,9236661152003466101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10294638542123726167,9236661152003466101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,2182073536762512003,3328103551860541694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2182073536762512003,3328103551860541694,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9004872029397447640,7498008409167154388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9004872029397447640,7498008409167154388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5365159086632407796,8178091769274583746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5365159086632407796,8178091769274583746,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5VE99Sl.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5VE99Sl.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 7896 -ip 7896

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6uD229.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6uD229.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9372 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,8838478709793617182,3501623394204177421,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2340 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 44.212.121.244:443 www.epicgames.com tcp
US 44.212.121.244:443 www.epicgames.com tcp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 244.121.212.44.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.paypal.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 i.ytimg.com udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
DE 172.217.23.214:443 i.ytimg.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 93.184.220.70:443 pbs.twimg.com tcp
US 192.229.220.133:443 video.twimg.com tcp
US 104.244.42.5:443 t.co tcp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 5.42.244.104.in-addr.arpa udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 121.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
NL 142.250.179.163:443 www.recaptcha.net udp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 152.199.21.141:443 abs.twimg.com tcp
RU 5.42.92.51:19057 tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 login.steampowered.com udp
US 104.21.53.57:80 killredls.pw tcp
NL 23.222.49.98:443 login.steampowered.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.138:443 jnn-pa.googleapis.com tcp
NL 142.250.179.138:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Nm6ru85.exe

MD5 a88a701b705403da1eaa3d48a64e5460
SHA1 6aacc2a7e8418a60b7ddd3dc7ed2b0e7a460f70b
SHA256 0e0b9f17babbcc238682cad73343bb06df3b67e94921ec42e533d02ab056c2fc
SHA512 2afb5ad2d012cd81f4c2fd7a80c547496e22e6c763ab6ce6c01bb498fe151b7f5239a42d11531529e2b5a99803fcc5bc15158b3492ef57542769aa10bb84ba67

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Nm6ru85.exe

MD5 a88a701b705403da1eaa3d48a64e5460
SHA1 6aacc2a7e8418a60b7ddd3dc7ed2b0e7a460f70b
SHA256 0e0b9f17babbcc238682cad73343bb06df3b67e94921ec42e533d02ab056c2fc
SHA512 2afb5ad2d012cd81f4c2fd7a80c547496e22e6c763ab6ce6c01bb498fe151b7f5239a42d11531529e2b5a99803fcc5bc15158b3492ef57542769aa10bb84ba67

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe

MD5 b8831e4e369b9730bf9aa0362aac2dee
SHA1 2f73fd6170f80e9c5455477fbd4f05d6259e90c4
SHA256 a41de1bad725f7f18aa2fa37af4162748ea744928778fad9fafb48a3e7788f81
SHA512 87d28e662c7b0010c674cf88a3771462b9d1cc2cc01d58b48b720b8c89926b113fa4ab909311038c99b2906ddb0343936b025441d9ae7cf276e4d59ef685a0e0

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Yz2Or75.exe

MD5 b8831e4e369b9730bf9aa0362aac2dee
SHA1 2f73fd6170f80e9c5455477fbd4f05d6259e90c4
SHA256 a41de1bad725f7f18aa2fa37af4162748ea744928778fad9fafb48a3e7788f81
SHA512 87d28e662c7b0010c674cf88a3771462b9d1cc2cc01d58b48b720b8c89926b113fa4ab909311038c99b2906ddb0343936b025441d9ae7cf276e4d59ef685a0e0

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe

MD5 c89ddcb1cf2473e37607f982d6cfbddd
SHA1 093bacb46f5f2a2c219a0bada559302e6e086cbe
SHA256 fce010369b0904b11616208ccf06d4d1140ecafa46287598b472cfd8dbad6561
SHA512 5fd83e951e0e54644c10ae4efef0ea341b9b3488b5a4fda89cdefbc8e2f2456df6bb790ff2247948f99b27b6f316c3b332c7dc64fe35e07316713a06c506428d

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ug965zD.exe

MD5 c89ddcb1cf2473e37607f982d6cfbddd
SHA1 093bacb46f5f2a2c219a0bada559302e6e086cbe
SHA256 fce010369b0904b11616208ccf06d4d1140ecafa46287598b472cfd8dbad6561
SHA512 5fd83e951e0e54644c10ae4efef0ea341b9b3488b5a4fda89cdefbc8e2f2456df6bb790ff2247948f99b27b6f316c3b332c7dc64fe35e07316713a06c506428d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Nf6BY9.exe

MD5 3322929a4f9286c5062971cfa79bcd19
SHA1 d66b0c21f593119c60e4cd8f9ee1d72c3bc170ae
SHA256 72d6b4406c2783fdafaf4fee4f8568ed277219c53742f55264527b9c3adc809e
SHA512 cbe33e987f1a51155ff138ef51720df9558743949a6adedbfe81ec49d3c994d509eff6bd18216d9cf13190104d72779c268f5b90532c9d976db9fa3dcf867bb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Nf6BY9.exe

MD5 3322929a4f9286c5062971cfa79bcd19
SHA1 d66b0c21f593119c60e4cd8f9ee1d72c3bc170ae
SHA256 72d6b4406c2783fdafaf4fee4f8568ed277219c53742f55264527b9c3adc809e
SHA512 cbe33e987f1a51155ff138ef51720df9558743949a6adedbfe81ec49d3c994d509eff6bd18216d9cf13190104d72779c268f5b90532c9d976db9fa3dcf867bb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_3032_TQMXAHEPETYFVQLH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2712_LMQMYNMCBHIOPBTF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2940_HPUWSYYLSCWHITEX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4104_NCXHQECJAXEJYSDU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_696_OUNQACWZEOVOYCJZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1128_CMNQWQONKGGZKXQG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_4756_FBSLVOSDZCIVMJXK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_4976_UIJSSOKJQEBQJCAG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_1592_GAJPVIPLZFTTWVQZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c6779bb9665e70857395599edcafad1c
SHA1 ee19c5f24a69ededfde1557c335a7b928a495fba
SHA256 f6e80108ac843896942349716ea21fcdd89f44cd893882bbad220e3b38046493
SHA512 393d8ed4e651c5a5131f4bc28e2a9def6a686707ffaf67fbe28dc2244cee66494d32fac3e87dcd3f2cee5119b471924af6d7cd8001f1ebd4918812fb3aeb61bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c6779bb9665e70857395599edcafad1c
SHA1 ee19c5f24a69ededfde1557c335a7b928a495fba
SHA256 f6e80108ac843896942349716ea21fcdd89f44cd893882bbad220e3b38046493
SHA512 393d8ed4e651c5a5131f4bc28e2a9def6a686707ffaf67fbe28dc2244cee66494d32fac3e87dcd3f2cee5119b471924af6d7cd8001f1ebd4918812fb3aeb61bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 10e0d05b78ebd93d53259fb6cde103f8
SHA1 d48348e4edb6ced30b3cdaef452bd3614bb14925
SHA256 9e2a2efb22e71b6e398d68609422237a7986c555a6fe48ec4c7169ee29acd1ed
SHA512 43f10e8d2a1ee4220d3bf169a7913246bd8f7175d53690e91d3305e6beeb5c2b3acc8023140a6763f34628c8f6b889b527a6701cb3c889e7a3bc43909c5c93ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 10e0d05b78ebd93d53259fb6cde103f8
SHA1 d48348e4edb6ced30b3cdaef452bd3614bb14925
SHA256 9e2a2efb22e71b6e398d68609422237a7986c555a6fe48ec4c7169ee29acd1ed
SHA512 43f10e8d2a1ee4220d3bf169a7913246bd8f7175d53690e91d3305e6beeb5c2b3acc8023140a6763f34628c8f6b889b527a6701cb3c889e7a3bc43909c5c93ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 33ef8d12d85224beec538efb46ec62e9
SHA1 32a132d39da1b2efd57805204a5837c68517053f
SHA256 fdb4fb70f3f0d65bd64824794da5b90487d5b3b52628128903b614e7fc7cb33c
SHA512 5959f0a7b805a5d96485a8a7b1c9f3349530be65cfce9af6448b6cc38b3d4635155ca868a382a26bce9bc18d7e0b1f9ba799b4d6e1ae8aff5c9e2fcb473c36fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 33ef8d12d85224beec538efb46ec62e9
SHA1 32a132d39da1b2efd57805204a5837c68517053f
SHA256 fdb4fb70f3f0d65bd64824794da5b90487d5b3b52628128903b614e7fc7cb33c
SHA512 5959f0a7b805a5d96485a8a7b1c9f3349530be65cfce9af6448b6cc38b3d4635155ca868a382a26bce9bc18d7e0b1f9ba799b4d6e1ae8aff5c9e2fcb473c36fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\850e4e41-ec13-40d8-a4a1-31ba7a1dcffa.tmp

MD5 6c04505e6f545fed0c85c4b6ab35e58f
SHA1 f2ca26ac10d0ca84a15bc47a867b2cf54cac7166
SHA256 5dc7f10bc17a2891c899856cc1ed89189bf250d05ed7306e3ebd77fee440fc9a
SHA512 29dcf7053768925ad0534290c3329f827634d190408ae029aae56934902366d42a727dc5582294381a281be21812d390f68631133b6f3506aa91ea9258bca09e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 59fb914564122ec52254e4f08e22e6b5
SHA1 6b9ffdba9e80fb82f0c45f2beb00df99ed7a76c7
SHA256 1c6608d866b553567946900ed341f2b2f988b15cda45cd947e044184a1163408
SHA512 ec49a0c456a0fba9c125d2e4aa0459d03d9e5d1e1f5a8802fe2a933a65310b902c8bc13ba1dee30572fa59cd3e2ec3c2f29b4ec15dab0eafcfd95791f1aeea16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 33ef8d12d85224beec538efb46ec62e9
SHA1 32a132d39da1b2efd57805204a5837c68517053f
SHA256 fdb4fb70f3f0d65bd64824794da5b90487d5b3b52628128903b614e7fc7cb33c
SHA512 5959f0a7b805a5d96485a8a7b1c9f3349530be65cfce9af6448b6cc38b3d4635155ca868a382a26bce9bc18d7e0b1f9ba799b4d6e1ae8aff5c9e2fcb473c36fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\60675404-32a6-462d-923e-981ee49f8014.tmp

MD5 2e143b54972e37292ca5a34ce7522c23
SHA1 7cb7e0fc3c72564d8a626190a35e1aade9357f21
SHA256 fd3cfd73e8b7a5227cf14071de949872e209393856ee92d6d0167d9d622a32a3
SHA512 90bf3eb717131132e968cb95f91e4acd49b4e01b85f819adfb3e650ebf42f8fd59058c4fcf3418f518c7895950ce50ec9460f73dc0ced6b9d45a0d84832d8e5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fc18c388-3105-45c6-b310-e9d040931502.tmp

MD5 d47424a51b3e7f18b7cf4b77bcb3b234
SHA1 92822526e70ecc0175a9b6588ce4aeb21911eefa
SHA256 dc46cd3b15a4bf71d820b2e8448531b350cb64433ff924592ad2487e836bcc28
SHA512 2f00d42a203ae14af1490bdda37d4cf0674bcfb075c71116541c172a43ad97e5641bc242eb8cd375a0e2cadd364b248f7df301575a3a3ebc3a07546fb10a9b09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7d506a04-aa81-4f4f-8bc8-cbabeee79074.tmp

MD5 4e973841155dd022869b5706f0e26133
SHA1 be7c0e8f62141c0e3a7ca523957b8c35194163c8
SHA256 a6c17b5c4edfcd5a4619636413b1be52eaf69a90d0ffaa33e91566094ac2b5b2
SHA512 789d0bbc69beb7c79424c55950efaebcbb6fda989ed2f3b6d5b83cee774f8edd3ffb50b89fea4cb143f3440b1d13f01f2713c6bcc1c825c71e330cfbd8cbe843

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cd992c61-c6be-428a-9e6c-2bfe18608ba8.tmp

MD5 9806a5f4fff5c1dc0d40ab2668ae88de
SHA1 bb43e78af1225a00c020862a556269f4c878b1d2
SHA256 07a22efb2647bf1c5ea0de3d53dd4aaf0da55cdfe3e19c495638cc981196f669
SHA512 e1fb7399fcefbceee368795d17bfd14ac3ad98c45896d9ee7e21af50c2bcd8eac8633f2f06ddf03246492cb8bb2ffd8c6b7499338aa693471dc170e0911719d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f3319238-9613-437e-a42b-d7223d304743.tmp

MD5 59fb914564122ec52254e4f08e22e6b5
SHA1 6b9ffdba9e80fb82f0c45f2beb00df99ed7a76c7
SHA256 1c6608d866b553567946900ed341f2b2f988b15cda45cd947e044184a1163408
SHA512 ec49a0c456a0fba9c125d2e4aa0459d03d9e5d1e1f5a8802fe2a933a65310b902c8bc13ba1dee30572fa59cd3e2ec3c2f29b4ec15dab0eafcfd95791f1aeea16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 50c4bb755f26447a440f0e866ad73754
SHA1 e5256860e1d69f14c8174c2e33cd387387b0efca
SHA256 eacc4e32bf997b47921e77fd98e272f49e6dd423b3a49562a00640bb6d2395c7
SHA512 6a68ab0e32bb5527ff71802829e5c888b7b5c69b2a7e3243892f3171ed4176cc15ae29d2e056b5e0f4be79871c595d74a0dd04aa7b1c2f04b3794ec80ef24d49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 59fb914564122ec52254e4f08e22e6b5
SHA1 6b9ffdba9e80fb82f0c45f2beb00df99ed7a76c7
SHA256 1c6608d866b553567946900ed341f2b2f988b15cda45cd947e044184a1163408
SHA512 ec49a0c456a0fba9c125d2e4aa0459d03d9e5d1e1f5a8802fe2a933a65310b902c8bc13ba1dee30572fa59cd3e2ec3c2f29b4ec15dab0eafcfd95791f1aeea16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e143b54972e37292ca5a34ce7522c23
SHA1 7cb7e0fc3c72564d8a626190a35e1aade9357f21
SHA256 fd3cfd73e8b7a5227cf14071de949872e209393856ee92d6d0167d9d622a32a3
SHA512 90bf3eb717131132e968cb95f91e4acd49b4e01b85f819adfb3e650ebf42f8fd59058c4fcf3418f518c7895950ce50ec9460f73dc0ced6b9d45a0d84832d8e5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6ecca7a5-cd5a-4b6f-95fe-1762556f6ee6.tmp

MD5 ed02198cf40c14e88d6873e9778b8d5c
SHA1 507206fcb6d8264fc8101fbd995938f1df462521
SHA256 3e6d9257f1574fed6545f1a920dfae49790835e771d0b3d2d6caf243d94b702c
SHA512 d572d87901a150725c395d27703504190d5361d8e6ec13c83c4d5ab9ef97e86bc496773d8ca8f1c2e48d08f751bd04e4d4257ba04da3b07806b544753b13774f

memory/7896-357-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7896-417-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7896-418-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7896-420-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3646b1f3508090767b1a544eca92f001
SHA1 cadee1888877bff7fbd46793a105e6b875535c5d
SHA256 97c4ccb655c8ad4cee7128f82a65b6876e347a797c0622d733c2917095e5d402
SHA512 968963cabb5b9353ee84ea4c79a9aef07ab5016ff5b005a5e21c2b5d583321c49fdde8f412443c6dcb4676ef1c65549d2566d7a57c50a498ea4dae57d14b8aed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 740e8fd57a8a5e12b5b5b8e96ec00db5
SHA1 ae95d739ea1885827e49b471f86f7c523fc6ed54
SHA256 c462e7595df2f95a9e8bff9029084a8ba8cf847d52c7be8831cfd620d21287a8
SHA512 40cb47fb6debec9d4227dd6b768f160bd4b981087d184d851378d621f9b964c39fd74560bcad622f758dc91607543f3f41127ebb5e2f82e9a0d58e43cbe951a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15c29f4524b5285e106e2dba2dbdd705
SHA1 ea19fb316a0d19a05ad044651e542108eaf35fcf
SHA256 3d408f05a4938351f4cee3aaed0ee74b0881d9e7c7880bf8817a65620065462f
SHA512 1e56059187db49daa834cf4b47df42bc646ab9986949952f7e44a083ddef74bc6463d762f1f85843cb1761a7971ed0faeaa1c031200d6a2397629c5b8611e6de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4366e8d52b54651997f2be38e7b6b7c6
SHA1 cd504763c73a56dbf757f9ce695f2e0711ef95bf
SHA256 4b9d928c481b31171afe0ee1066b7ad128357a0f9cb7068b12ca657e8ebc132c
SHA512 f16b285c66aef68d3f9833ea2d5e6e9a2702ef6747924d98dc77da25fc70aee7763e2cc1cebfb56f5710f873412218d95c1276882e0c315ff5caec4e091f8c46

memory/6516-657-0x0000000000400000-0x000000000043C000-memory.dmp

memory/6516-739-0x00000000736F0000-0x0000000073EA0000-memory.dmp

memory/6516-751-0x0000000007EA0000-0x0000000008444000-memory.dmp

memory/6516-753-0x0000000007990000-0x0000000007A22000-memory.dmp

memory/6516-756-0x0000000007BD0000-0x0000000007BE0000-memory.dmp

memory/6516-763-0x00000000054D0000-0x00000000054DA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6dd861f5444cfda228528e8ee3a636c5
SHA1 268316b060c9dbe957f9c9ad5088a2124ca86f34
SHA256 10089f9c2b467a4eef67116a1c9c39a41f79ce78cf5cbeae727fab4bf30c137e
SHA512 7d6535a0c0d377ab5713a04e88f0973f40695485ca6b2490991284ba1694d5720efe9bbded6fb352c1377ab0ac4ebc28e6457db0a87fedc164501bc9ffa307ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bcc3.TMP

MD5 122c0f04c4578f98b266a2573a71d5a0
SHA1 bf39b60467c590ae57eb6d29a7fe43bc9a42dd4d
SHA256 11bdc8d22f15f0fc11ef9f2cadeeb450c3e58884a8787e850aff4f8d21c94f11
SHA512 881cd09c1e498cad5e7857fb5ea9821b0b79a2fbf4d6de32a53d69aa4668d568e211461b0a1fc67cfd3e0e33cac71c78edf4443691278fa10cf928a6a1e4eece

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 216e32375d09cc5c773a3666d194384e
SHA1 c269afe97e899c24b5acc29999c8ccec0eb099dd
SHA256 469b42fd57634ba30884fd94fceede27ecb77cd8b44f97dacbcb6c114e813e83
SHA512 946ff32a46dab4e7d00b74b0c4d1415572718787094f75c49d52b6370badad4310d3ad5b5647739f81da83afc41eab1915b05e9ec62f7c6a9203b608d6e2f0c1

memory/6516-792-0x0000000008A70000-0x0000000009088000-memory.dmp

memory/6516-796-0x0000000007CF0000-0x0000000007DFA000-memory.dmp

memory/6516-797-0x0000000007930000-0x0000000007942000-memory.dmp

memory/6516-798-0x0000000007A30000-0x0000000007A6C000-memory.dmp

memory/6516-799-0x0000000007A70000-0x0000000007ABC000-memory.dmp

memory/3556-810-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3556-811-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3556-812-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3556-814-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6516-818-0x00000000736F0000-0x0000000073EA0000-memory.dmp

memory/6516-826-0x0000000007BD0000-0x0000000007BE0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 15a74eafff7a274a60847ac3d0cb5a24
SHA1 ec6798959334d84b739f2b60349c3877c947a7ca
SHA256 2a723ba4e7893e2043b35f314a4931cff0a6b373a8a30273091cfb97cd93beb5
SHA512 0cd2afa4cf463e64951a1223f3773bdcadaf26527249aa7187f1f7fc3d3879c6564312e3b4ff488fd9ace7fe82e6ecac2b55f4e4b8a5134599de7fe553a9cd46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d444d52a7488f98f3107f1f6bd658734
SHA1 759ca18382bbb94c081dfd687e9e813e83acb69c
SHA256 b14ccd379f5015b272ade5ea53afa46e21dcb6c578f91c45b40df201f6179eb4
SHA512 cd93a71876f898d5cea2ca6c6b31f6edaa394ef9e3bf1f52c260b968a73f2c56f2a386e91988a6b37e14096a908644839d7f585ec2903a7cf5f36f52aa2239ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe593455.TMP

MD5 53e15d2e38098ed2cc096a9eba00ec90
SHA1 4e4881cc5c2fc5224081a561e2c879b7cefe1195
SHA256 24741a9a3b394c7f061c42c9a638b5eca03b6e1b2554dae45749b8fd966de7e6
SHA512 74d7ed96afd38e9cd7b1af2eabf8167052e247ece73375294d8ea488e66c228b2188af4592e490cf12658142dcec0aa215b8875cd85bac33f27d09c950e0f5ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7afa566342ba6bac17deacf3a52691b1
SHA1 5d9cc1091ec0df91213f74f4a096a5ca39911962
SHA256 1a0a1296748a948653434ae6de9aa24f7d95edf5ccad541c05636973c9b1ba4e
SHA512 dc0766bc2e814299949a6dd0ee38f89e217dc2a5faa2d376fea03bbde6d5e058cbae9a96eec627294e00f113c34192fe67bf39e23018faadb8d178c22d9d0715

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f8fa9fc5-71a6-4fbd-bea3-f4ab280c7dea.tmp

MD5 1ae37d58bbbeae26f220ace26f31e1ef
SHA1 95b4f5f7d54e5194d88e44155a0d4aea0034e487
SHA256 da366d4f729ba39b6bbfc0942426cb0b82cabcfff8dda0575c9b3e3e276ead71
SHA512 d1ea8e13eac6c1e725b1ac1265b2a433e6e019e6ee7f03f5a81862ce79b0aa37f0d8be79f52cd370f83ea7a4341b0ce70756eb6c455254cf95f86b5ca8eb6b86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cf69aebb8fd6b15ab0853f73ec325fee
SHA1 fc466c28f8787e2e946ea253c2e8b991edb9f3a7
SHA256 6fa4a312e0e61fc668f80be28e0f077c15eab2d6d4fc65619e55f20b64a0cfb0
SHA512 1876a61a807ab22a11d7eae441c19ce8cf16a0dd31a90928235c8416601c76cc8680ed4c5217bf917e858aa983760d3cf7a53dca8c55ff8098bb2b86e2eccceb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e2e9bceb529c3344b862c1945667b642
SHA1 fa328f4f3d66d705e2a513253d17170d0f168b12
SHA256 1c08acd4adc988dc4e9465d6338600fb695729e4c9581ea1e946b1dc33378c41
SHA512 cd20e196a10f9cc3126138e3914541fc10913fdef8bc5036fbbce2b28889066f5072added597dbb2f184c322466130a294a7347b3e4469d89e9e7c89b6a3dbeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 183546b624b5c7e409da012097cfe927
SHA1 706085ef54782d375c45de888192ac028c7fab69
SHA256 4ba49916ad873adb1efa91909b72ad487ef9f05b001de88160875ebefaa1ff07
SHA512 f5ba1b0e08009b8aab7cdad655e8c1ec36aa51b50e874b10ed29a263868653a5d00f5957922b60136d8296cb291c733101c2c93002eb88ef1a165557d74ce665

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 22de6294ccafdb570a2efe4c2bea63cb
SHA1 99ac4e875595f421c0b1a123cba9fda6cd89dddf
SHA256 04f0d510a4e9e6e8b9414f00603ddfbcd12dfe1568cbcb32a71fdef252f1fcbf
SHA512 894f23850b808b5041f11b45ae446cac61becbfbbf12b47606d9428318eecb8febf5be4b91b68df965633f9d76fbdf8d37ca11b9cd7cb2473ded5d50510ca163

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 81b66150a730c902c4f0e76bec035360
SHA1 bdc123ee569992bf806f4832a86b630df52f2556
SHA256 5e2f5135117892164314e54d1f72161357627e6b0ab359eee7c8e99bb3bff2c8
SHA512 2816e0225b6a6ed7cb50fbbfa70bee3fe9722cbbef9f045006c6c3efec38f264e75ea0b5b296bdc14dfd137ac55f203df9e8357bdfcfac9efe68ac72787f4e74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5b07bd20-0210-4bc4-905b-59c11aa0db5c\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe59b0c8.TMP

MD5 709224d8699a021b26c54a92b7ba5346
SHA1 af9a40b2dd0f2a8de9e20a07d288514741764af7
SHA256 c6e97fdb64243c0aaa1d7ddad928b76772ad4476c97750798d289450290598fb
SHA512 64530a5989f11f8d4eba0e712dff8ff123e8eee486333195750dc0b1fe472239c2cbbe30bdaf8fb9501c0639f2c03ef4de742bcec4a97520c07f3d02031593db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 8f29bafde19b09ef8543778a05cfbb81
SHA1 af1309bd486ab459fdea1476691fa85ecc3bbcd5
SHA256 1502ca606d246294e781fc0926a2dedcb81867ab97cd23b21b498a7b13cb369a
SHA512 2229815e47d8621bdfc8ae0ca9db289f005abc578650264c3c28f0a7e4560081e9e5bc269480107f5b9308f46ea92255d411e625608ac6851e68bb3ef0d634fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 859448b8c944277538d50057c770f4b4
SHA1 19c3e5c03c5719a2091910184d051195fb35f7f3
SHA256 dbaceab40ca895cb4a76c32d63370cd999c3ee1cda81bab00c77a13f3bfda6c7
SHA512 43dab30721520fe764823c14120854790e906a4d66deb0e73a43c5f1b3f2e3c3c458cf35e13f890a7ba7312999ccd78f230ddb8e4c19a5ab8c15d08fc4b9b19b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 16e2f010e0722286941b7f297cf9a529
SHA1 55efc24068b29224302f4c8681db6bf380ba8b4a
SHA256 15ec57c68c5277b9cd0d5fcecb75e96cd9904884b86b1dbf28ccd25be6ba4903
SHA512 a06926b07fad2407e4413fa7837ed8ed3a073c7aa2ec83d8e4dc51d0459c23bfbf5c214c3b3bca10a293156dc031057989f11a987171d689da4971bb4d3a644f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a0f24.TMP

MD5 e26dc8a013bdef1e6211fba54ac786cd
SHA1 d4725071b5114b61f8ac7239784a54f323ff9fd8
SHA256 b1280f24870d32bf6174ae85e75c241f807877aa2bd2304b49b1c194b9ec166a
SHA512 ea1699ba52e4dbd7083cb3459f9c1b92864f394d0131624c328af88a81219f7863c67ff7cd6655174254f54c9963db1f0953bc75675db90a808130fca6eeb18e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 bb506ac652d0b983f9862c735736d191
SHA1 b39c337cc8e2911b7e2396d88090e11ac3589626
SHA256 29b0ead0077df29e7c85297edb0fb01ea2ecaf1024e3ef0b01df507a2cfa7b04
SHA512 9770017965ec64b8bc733e72330c54ede4d785e6f3ebdf386a8b2894f6df9b50306fc531491e637d647d5971477b1a00144580fdb1f71dc8074f38677562199d