Malware Analysis Report

2025-01-02 05:17

Sample ID 231111-fcbtsaaf9x
Target 1a6351f0f236852775a7d731af0c6e166e59903121f8c95ca438b9b2458b2741
SHA256 1a6351f0f236852775a7d731af0c6e166e59903121f8c95ca438b9b2458b2741
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file 1a6351f0f236852775a7d731af0c6e166e59903121f8c95ca438b9b2458b2741 was found to be: Known bad.

Malicious Activity Summary

RedLine

Mystic

Detect Mystic stealer payload

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Analysis: static1

Detonation Overview

Reported

2023-11-11 04:43

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 04:43

Reported

2023-11-11 04:46

Platform

win10v2004-20231020-en

Max time kernel

151s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a6351f0f236852775a7d731af0c6e166e59903121f8c95ca438b9b2458b2741.exe"

Signatures

Detect Mystic stealer payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\1a6351f0f236852775a7d731af0c6e166e59903121f8c95ca438b9b2458b2741.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HF4Dy27.exe N/A

AutoIT Executable

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4144 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\1a6351f0f236852775a7d731af0c6e166e59903121f8c95ca438b9b2458b2741.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HF4Dy27.exe
PID 1860 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HF4Dy27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe
PID 2072 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2916 wrote to memory of 3836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3736 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 540 wrote to memory of 3340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 644 wrote to memory of 1092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2708 wrote to memory of 848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1380 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 2944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1040 wrote to memory of 3664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 1720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 540 wrote to memory of 5328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1a6351f0f236852775a7d731af0c6e166e59903121f8c95ca438b9b2458b2741.exe

"C:\Users\Admin\AppData\Local\Temp\1a6351f0f236852775a7d731af0c6e166e59903121f8c95ca438b9b2458b2741.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HF4Dy27.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HF4Dy27.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9bed546f8,0x7ff9bed54708,0x7ff9bed54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x168,0x16c,0x144,0x170,0x7ff9bed546f8,0x7ff9bed54708,0x7ff9bed54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9bed546f8,0x7ff9bed54708,0x7ff9bed54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ff9bed546f8,0x7ff9bed54708,0x7ff9bed54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9bed546f8,0x7ff9bed54708,0x7ff9bed54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9bed546f8,0x7ff9bed54708,0x7ff9bed54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9bed546f8,0x7ff9bed54708,0x7ff9bed54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9bed546f8,0x7ff9bed54708,0x7ff9bed54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9bed546f8,0x7ff9bed54708,0x7ff9bed54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,3376991519415393686,11081356658692344419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,3376991519415393686,11081356658692344419,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,15830539227419253312,7823061844206330686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,15830539227419253312,7823061844206330686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12794383390085046605,4555896808110263247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12794383390085046605,4555896808110263247,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,18226872456930905572,15273185042868860254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1472,18226872456930905572,15273185042868860254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,5479557313581923496,2210586848639926065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9bed546f8,0x7ff9bed54708,0x7ff9bed54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,10789499827177964435,11275964909201246060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,10789499827177964435,11275964909201246060,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5479557313581923496,2210586848639926065,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WI7007.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WI7007.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,62793320530639514,4846635625351085652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3yw60Tj.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3yw60Tj.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7084 -ip 7084

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,8389200619548270941,6203868240933285861,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5024 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HF4Dy27.exe

MD5 f1bea999b7e66a0c07cce5dcfa2d8571
SHA1 21a111b38bef2e43dc42e75f1250eec405ee2478
SHA256 b5433a5869347f2854c2ae371df3ac3bc9cc9cfd66767baba6546f41fe6feeab
SHA512 2f677cc72a17eddcfcd948196a53ae2a63f4fa532ac611c0f12a5c7f47e36fee31a21125f3942d2daf816cde8ea061a697c9c8b7ad9ed4a94b86d75d28b56c22

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Hj55ti1.exe

MD5 b8d7f6022494db91f95b3ddcd081b6a2
SHA1 de8e7589c602190ddc37c78dffcb9b0e0b3bfbdd
SHA256 7e39f98f550ddcae6ad26fd171cc6a6065f593cfb6a8e3d89d121f33d69ed26d
SHA512 52554033b000e0cb49b676afe7ac1e394dfe65e941630bb8cf74ac9fee30548d3918d919ea73ec2deb5ae4ce8ddadb36e9c8616bfefaeab1a47bc86e1ce8cc83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_3736_IRHCOYTOZXRWKKDA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_2708_RZLQFDMMCPXQZPEL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2916_IPNAPJURMZCHBPHM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_644_AKUQPDCBWAPZTBLR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_540_MDLHREWOIKTTLHFU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_1380_NGBEEFWDLYKVBDUG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 779112f1f08892271edf33c1c77430ac
SHA1 99294426523e40c6262fe1dc9cb2c1342c469164
SHA256 a397e9c6365347c00e11b2ca821433405ff501228d16542e4a5b5a65665fa81d
SHA512 65337f20fd33180c2ee7084fa9f6a646fcdbffdf90497d1e7a5e7ddbcc325f39786e5a48c3a92ed68dc0a5bd77c9376a7bfcee43b862327a7dae985739c49d00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 779112f1f08892271edf33c1c77430ac
SHA1 99294426523e40c6262fe1dc9cb2c1342c469164
SHA256 a397e9c6365347c00e11b2ca821433405ff501228d16542e4a5b5a65665fa81d
SHA512 65337f20fd33180c2ee7084fa9f6a646fcdbffdf90497d1e7a5e7ddbcc325f39786e5a48c3a92ed68dc0a5bd77c9376a7bfcee43b862327a7dae985739c49d00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 35cddd6e5e7fa39e46f0eab70d1c48ba
SHA1 4ade7511ce0873fdf86e1ee537345723a37cc9ba
SHA256 403ecf0fd1ed7ec12f4b716533a0c1a9a87998d511f1b0655beb6b2ec57c1028
SHA512 c2fccda03d666e63ee360bcea48a7677a9e466c3356db658b1a064bd107da5a286f2a6008e8ee2910a2a645d41e64e02f707bd28d2901dab3e76f7258772cacd

\??\pipe\LOCAL\crashpad_4164_SPWGAFJBARJLGUKJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15e9dab6556d39206eadc8f6f608cbd0
SHA1 ff17054b8327ec2bc0bbca1402d721d871c8eefc
SHA256 c1711b33160a2f6134ecc36396b74c9c0685b5639a52c09e0b35ebc59541a3ee
SHA512 8bb6113300c092a717dd2428b897c507bc1c2086fcba13677c17c6df900e439da1145195ae390a7f561321abf50ab38e39e4c79f7dd6645d021020182e2b81d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8b98c03f876805691f3d54000b892a49
SHA1 df8c2a0ce05f7538cddc09cb0dfb88d1e6be9889
SHA256 48dc7d267adec9232d8aaf50f87c3388b4b4885ec9f5f895c5a0c9bf06c98a10
SHA512 d079de7b7a2430d7200597db48b45c94cc875ab40cdf134f5e1fae60e36347f6ba7da7439a35830dd63db24cb8c9d8ca96ad7e6fca61ea6d20180df278e28a1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6db6c215-c1ef-44b6-9f9e-b923a6c5a554.tmp

MD5 d8e546c08fac8f9eabcc02136c04ad74
SHA1 cdbae9b8a2913d30493e14a993b6b226be5678be
SHA256 f8305a04ccd78d28beb5cc78f1c6457f118134de071570492690f415ac8e5ead
SHA512 e57b1f64eefc5191d36befa0d4cce2e739148e127fa1e4ab0ecc67dc667412e9b0790e899fb09bea3ffde7d02783684b8898e834d8aa6d302cbcc32ce7d8d069

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8b98c03f876805691f3d54000b892a49
SHA1 df8c2a0ce05f7538cddc09cb0dfb88d1e6be9889
SHA256 48dc7d267adec9232d8aaf50f87c3388b4b4885ec9f5f895c5a0c9bf06c98a10
SHA512 d079de7b7a2430d7200597db48b45c94cc875ab40cdf134f5e1fae60e36347f6ba7da7439a35830dd63db24cb8c9d8ca96ad7e6fca61ea6d20180df278e28a1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2f74649416110d871a937975f2bc834a
SHA1 b49488e076c1afcb0dda9000e24916a8e0a8b9a5
SHA256 61add19c4d0ed26004a775ee97ea272870aa0b712c9e2ec0e0b179d90bcd3287
SHA512 63a6480a23d4935f763713517bc6ed09cf4fcf8083985ee814fa9249472aacac2df8a6e1eac336c7528c115ad780d3863c444105de5454d3e051658c39362a9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2f74649416110d871a937975f2bc834a
SHA1 b49488e076c1afcb0dda9000e24916a8e0a8b9a5
SHA256 61add19c4d0ed26004a775ee97ea272870aa0b712c9e2ec0e0b179d90bcd3287
SHA512 63a6480a23d4935f763713517bc6ed09cf4fcf8083985ee814fa9249472aacac2df8a6e1eac336c7528c115ad780d3863c444105de5454d3e051658c39362a9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d8e546c08fac8f9eabcc02136c04ad74
SHA1 cdbae9b8a2913d30493e14a993b6b226be5678be
SHA256 f8305a04ccd78d28beb5cc78f1c6457f118134de071570492690f415ac8e5ead
SHA512 e57b1f64eefc5191d36befa0d4cce2e739148e127fa1e4ab0ecc67dc667412e9b0790e899fb09bea3ffde7d02783684b8898e834d8aa6d302cbcc32ce7d8d069

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WI7007.exe

MD5 e60d9e2464a99a7c4d83d1584236d0e2
SHA1 fec4e38ba8d5bcc72a13132c637f70797eae8e3d
SHA256 578b1e3ea27c6a53d8e4c9ca5cc7068132e5675535a3a74e30b54737d3c20056
SHA512 753e7cc02e39f2e6e71ae52449de187fa0ce68a474cd258de64f81b06cefbfa011e9ed7a3e1f941f810247d798b8a5e3d667a7ee98f67af9ad729a96a0ad1d31

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WI7007.exe

MD5 e60d9e2464a99a7c4d83d1584236d0e2
SHA1 fec4e38ba8d5bcc72a13132c637f70797eae8e3d
SHA256 578b1e3ea27c6a53d8e4c9ca5cc7068132e5675535a3a74e30b54737d3c20056
SHA512 753e7cc02e39f2e6e71ae52449de187fa0ce68a474cd258de64f81b06cefbfa011e9ed7a3e1f941f810247d798b8a5e3d667a7ee98f67af9ad729a96a0ad1d31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15e9dab6556d39206eadc8f6f608cbd0
SHA1 ff17054b8327ec2bc0bbca1402d721d871c8eefc
SHA256 c1711b33160a2f6134ecc36396b74c9c0685b5639a52c09e0b35ebc59541a3ee
SHA512 8bb6113300c092a717dd2428b897c507bc1c2086fcba13677c17c6df900e439da1145195ae390a7f561321abf50ab38e39e4c79f7dd6645d021020182e2b81d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8b98c03f876805691f3d54000b892a49
SHA1 df8c2a0ce05f7538cddc09cb0dfb88d1e6be9889
SHA256 48dc7d267adec9232d8aaf50f87c3388b4b4885ec9f5f895c5a0c9bf06c98a10
SHA512 d079de7b7a2430d7200597db48b45c94cc875ab40cdf134f5e1fae60e36347f6ba7da7439a35830dd63db24cb8c9d8ca96ad7e6fca61ea6d20180df278e28a1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 779112f1f08892271edf33c1c77430ac
SHA1 99294426523e40c6262fe1dc9cb2c1342c469164
SHA256 a397e9c6365347c00e11b2ca821433405ff501228d16542e4a5b5a65665fa81d
SHA512 65337f20fd33180c2ee7084fa9f6a646fcdbffdf90497d1e7a5e7ddbcc325f39786e5a48c3a92ed68dc0a5bd77c9376a7bfcee43b862327a7dae985739c49d00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2f74649416110d871a937975f2bc834a
SHA1 b49488e076c1afcb0dda9000e24916a8e0a8b9a5
SHA256 61add19c4d0ed26004a775ee97ea272870aa0b712c9e2ec0e0b179d90bcd3287
SHA512 63a6480a23d4935f763713517bc6ed09cf4fcf8083985ee814fa9249472aacac2df8a6e1eac336c7528c115ad780d3863c444105de5454d3e051658c39362a9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15e9dab6556d39206eadc8f6f608cbd0
SHA1 ff17054b8327ec2bc0bbca1402d721d871c8eefc
SHA256 c1711b33160a2f6134ecc36396b74c9c0685b5639a52c09e0b35ebc59541a3ee
SHA512 8bb6113300c092a717dd2428b897c507bc1c2086fcba13677c17c6df900e439da1145195ae390a7f561321abf50ab38e39e4c79f7dd6645d021020182e2b81d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 35cddd6e5e7fa39e46f0eab70d1c48ba
SHA1 4ade7511ce0873fdf86e1ee537345723a37cc9ba
SHA256 403ecf0fd1ed7ec12f4b716533a0c1a9a87998d511f1b0655beb6b2ec57c1028
SHA512 c2fccda03d666e63ee360bcea48a7677a9e466c3356db658b1a064bd107da5a286f2a6008e8ee2910a2a645d41e64e02f707bd28d2901dab3e76f7258772cacd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\af28583a-c295-489e-bf54-954bfc9e069d.tmp

MD5 0d0a75cb10eb6036c3f862d457fef63a
SHA1 568895fe8e2c6b2a70851951d6839851d4b79ebd
SHA256 28abcf947bc1efcb876cf352d077cff46c39b0dae8227d8ad21ed6a872c73897
SHA512 42e594aa4391aab9a53d43322af661b718c0e72bd3ee77377c6032bbf43c6a49eb0faa1b90bf584ad136cd14cd803dabae7b7fe6b5e4df145ad0c30d2beacc9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d8e546c08fac8f9eabcc02136c04ad74
SHA1 cdbae9b8a2913d30493e14a993b6b226be5678be
SHA256 f8305a04ccd78d28beb5cc78f1c6457f118134de071570492690f415ac8e5ead
SHA512 e57b1f64eefc5191d36befa0d4cce2e739148e127fa1e4ab0ecc67dc667412e9b0790e899fb09bea3ffde7d02783684b8898e834d8aa6d302cbcc32ce7d8d069

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ff305311-1774-4e4b-b514-51588d41d872.tmp

MD5 35cddd6e5e7fa39e46f0eab70d1c48ba
SHA1 4ade7511ce0873fdf86e1ee537345723a37cc9ba
SHA256 403ecf0fd1ed7ec12f4b716533a0c1a9a87998d511f1b0655beb6b2ec57c1028
SHA512 c2fccda03d666e63ee360bcea48a7677a9e466c3356db658b1a064bd107da5a286f2a6008e8ee2910a2a645d41e64e02f707bd28d2901dab3e76f7258772cacd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bec8a90264861a65d3e38ff9ba012e60
SHA1 376e6cdbd5b1a376a0a96276651a046f7e8c2647
SHA256 3758270e5a449a128c3cec221671539e06ac06f04e3fd804232217a8cc2bdb50
SHA512 66551f01b490533f5da735a12c396e503c48f7081ca95db8e80d4e571e7ae2ae93e5c3b2ffc15124a5e7fdbd737dc3e895f27f64e4bd061546c4eee76a2bd7d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 68348c2eb03c96414a64381b4a87a40a
SHA1 aacfcf0bf43669d711a40c6a1b1f3b3dbd23251f
SHA256 30f092d4976c393966d442fb090197de807a1936e2e94061b41978c531dce26c
SHA512 5198cc6ea12e6aa7be7d44b9caeea8332376eafcdf948861c627a6e78b5c41780f10827ee13e2e847f2e82b3b634022c97cbaffb696977c898aba76e4f74e365

memory/7084-313-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7084-314-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7084-315-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7084-317-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1afc74627aaf42b28b37e5139f347ebd
SHA1 b47c1d982f0c2683718f90ff84751a08281b3dfa
SHA256 edc48cd0ad31050bef7befe612bfd15955bb6de1a4d634d186616c44a32b5673
SHA512 c81d931d27e24f220a41cfea1cf00784ccce60a11912fea5e817c0fb87ee6ba82741cf02e0c6d59acd46481dd35fc1d320b6f0dc1bafa2310ec8bea45e861282

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1c706d53e85fb5321a8396d197051531
SHA1 0d92aa8524fb1d47e7ee5d614e58a398c06141a4
SHA256 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932
SHA512 d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

memory/8284-376-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e5392544c5e9cdd19413e9160c1756a
SHA1 798e6d93daac8f19c83e293c1a6645592665662a
SHA256 b11c96a3bf6b6df4b0e9727c8ca3f0fcd207373f0054473b4374638937531c3b
SHA512 5ddd933b82848d23a20cb6da6c9c5c3ca9951f30b646a6659011d51bf227fb069a135d6cde2eecfc960fea6aa9b0a98765dd98a55a49cbfe3ffe298db25cd521

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/8284-470-0x0000000074170000-0x0000000074920000-memory.dmp

memory/8284-491-0x0000000008230000-0x00000000087D4000-memory.dmp

memory/8284-496-0x0000000007D20000-0x0000000007DB2000-memory.dmp

memory/8284-524-0x0000000007F00000-0x0000000007F10000-memory.dmp

memory/8284-531-0x0000000007F10000-0x0000000007F1A000-memory.dmp

memory/8284-564-0x0000000008E00000-0x0000000009418000-memory.dmp

memory/8284-565-0x00000000080B0000-0x00000000081BA000-memory.dmp

memory/8284-566-0x0000000007FE0000-0x0000000007FF2000-memory.dmp

memory/8284-578-0x0000000008040000-0x000000000807C000-memory.dmp

memory/8284-581-0x00000000081C0000-0x000000000820C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f16f6565d4b37e351febadf7869b0c51
SHA1 57a9661156aa6457deb8ecd41ad70bd6e80ed432
SHA256 7666b028a1296095b527ef8b4929fe4cd75668314890ba1c98c2c9c124ef7508
SHA512 d21a831157c7aaee0c4b7b1b9516ad22c2cfdd7d1410760c26a8d21326c621218862439048cf3a2f9db24a8da34560bc00682bc11a56b078cbb434cd7d73e5ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589390.TMP

MD5 10f645b5ad1f49db6f1e4e86de571f47
SHA1 96fb804c42ee5d7ccd84f8325f090b3a078f1566
SHA256 cd0e31cf96e3c3494f6ed20dce7911204463ae08962b3d4ac6aa4551feb2bfc6
SHA512 d30ba51f18f493a5bd5e48075a570ab1b4feec33679c4f74aaefa711cec6e998623462344ccd2343349e3f88cb8b3c0310cb3fd7ba059e4544b53a41cc80cbbd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 8f58114a7e1bda6c18bebd73c515c414
SHA1 63793722aee967273920d3f8cc288dec4dfae7cd
SHA256 42e75a0acf94a4961c868f02c6577de0047c56c80b48b93429ee55944a28e0f5
SHA512 91fe42d9dbb147e3fdf472b022ea7f9df59ed8305e12c004fd2f7b8259a8206d7d2e76c077ae8509be0135bf2904a95580049bdca8b428fe80600ae76034e982

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe58a0cf.TMP

MD5 cca3418b2ff73bb3ed65281cb69d7a32
SHA1 9b11024324d868ee24deb9c7a03ce8d4bf858f34
SHA256 66a4b1a0420f4d66930b7081c46ac983a228e49847156034229f9f585d7daee4
SHA512 883534de22b4b9500557c75595a8274d0f6d508fd0366a81fe767445715b2a3ab2ef08d8c84d62c27f8748637ecc3dcbbb54fdd3d51bcd22c2da1e8cb2d34a40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 44581b33abd240952ae5fa7abd2f7c1d
SHA1 8534676e8de7993dae5753d2e8761f28729e4aaf
SHA256 8f55bde7c912dce918831ebf7a6948d29ff14b151db58a669dce97b7b778914b
SHA512 92d4805ec7e92a6207a66a1585903711fb62bddb5900488e6cef029a95ffada6d770f1583db74edf998a45ea453b822bb2b731e31ec21bbc0444e78bee3012cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4088033a-e993-4362-86dd-09235ffc5c08\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bf057210cc55580c0da91469860cc0c2
SHA1 287dc5087a3f728f663140f54b2a3e312627051a
SHA256 ae02480004aed823f330d7451f2ae455e8eb6e35432f33d9023776eaf8183ca4
SHA512 aada362f896da5bf3269dfed15fb64dfbacf3b820f601a379b648ce89b831dbf76963a685a9047d065ad898b82009dbdd4be33e12e94d99cedba2d43129045c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 987f2a2232f632037996e1633d85925f
SHA1 eb1799a9a331f83dc18763c8cd157e0e15e354d4
SHA256 15c05aeb4b72e3bf74cf3f5847b01dade9f6039b459baeb873cda22fae032fb0
SHA512 3ac9ef524ee54194805a85b6f4554129053f1f246d78c45dc97a154121b7ea3860fe276f43e5a05a3d035bd6d7013338f218759ef6381793aaee16eadecd3dc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0967f99f3ac843f471a40c193f283518
SHA1 4a13986a3c992fd0e7e4ef7953a1fa1181c4e28b
SHA256 c4008d64f45ff3e33d86600d6789d23eb90c83fda2cfaf5595a536f0bcbfad35
SHA512 c5ad6d9452fb3f688f9dd50f9220d75ae5b57e4181ea1b4252afcb63dd9398b69ad0921683a1e6ee141977f2d92f46065d6ee5afb0f7fbec143a37a006ef2a38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 70fa2a3ebc2391576b58818a23b15460
SHA1 248dd81fc68f510eac2715908a7b2e3573b9d4dd
SHA256 4373e26ead531ae752806245771db1e5dcdfdd6c43f180c60fae863d218e11e0
SHA512 07614bd8807d1edb2c62bfaf9efca277de53123250cc52d2e32ea9f308552d523f4740a05e019ac0ecd708747c974a669ad6cffd026c68d00fbd7d077f8b9414

memory/8284-1005-0x0000000074170000-0x0000000074920000-memory.dmp

memory/8284-1017-0x0000000007F00000-0x0000000007F10000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\084404f7-b970-402c-9d95-802d7acef129\index-dir\the-real-index

MD5 71178c0a7e51682973f40599fd07c68b
SHA1 2a5b306d0baff666624feed2ad1b5fc81225ed3a
SHA256 7121b26cae26bb70154e138f9da947812136a41913ba7f60755f5518bbf129cf
SHA512 8494b7d9654ec935b6b82a16e8e349cbff697d036142a0764ec9bd2a55f160211dce85b2da5fc2235d35081c97b8d3e9d09a6c8d5c8ee448e8e2c67875c88f45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\084404f7-b970-402c-9d95-802d7acef129\index-dir\the-real-index~RFe58ffd7.TMP

MD5 4402e79151f502a340372a579e5b6af3
SHA1 04bc3d400ff04f05693801970174ab8080978ca8
SHA256 145352857c9e7b43c0d91380033201ab06a38e38bb0fa46b25a1f941b50b3af2
SHA512 d35d0811d03a6e611d7ce22ab90c5eef86ec332ba41f44aced94209f0991c039c41ebfc354ed3a4684d822d41c633ee203ecc2205549706c5df6b3cbdeea2341

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d344ac13408642820f301ce63998f996
SHA1 ca07ec841b4a1daf506761a81a839be71704cc51
SHA256 41a3e73bcae41629e805499cc13c7f76704fabb4a04675ed1449ef9b1c553211
SHA512 1cacc337480e95dd3e9d33e0cd92229eec7ce4bdfb73b843c48112c5c153f6e5586c7696eee00241a53fb5d7079593e0067ec11bc2c559a0341da60eb076f14d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590640.TMP

MD5 9fd66266e3cc26cd102617edd0ec5e48
SHA1 6bd836862f75183b0d0fb29bd5a347c42140e2ba
SHA256 62a2688332d16d23f2209baee99c1c8d9b623370a070dad0b7ee4b7d36d09f9a
SHA512 d89214e287f36e865d2d3928f40dcf4615e2b3a7c10ad8aa78a62985058e53805fdd834272ffbff5f972e1541ab15927fd0cbdc62b16ff86d543214b07871a66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d011e3a2d1cd43b3d8570b91607ae3ce
SHA1 f1745274518b6d988428ecbc46635e2d534a2e80
SHA256 9fe808d033d96a2c65855c093f3697e2b618987b5b88abd082f166cfda7fb063
SHA512 36bb670c1c9e53a206bca24fbaab78fcbb6c935106c06ca55101fdd2c2d3c60db5371ca0f732e70bd38867e170faf75aba4f8a8f0d1c033ac3308fb638095ffb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 798e9b0db2895677497f36f091fc8514
SHA1 21abb3e3acf41d5ac7da354988ab75cb4d402ef2
SHA256 2ab80c8435916b996d7bcecc6a88154706f17193b59d02819a8dc7fcac5aa54a
SHA512 19d62bd4250de01c8d80d1f1b4f115a7ddffd602f82f54c8d105de5184a77831d6e735fef5c20801a32ed6eba638be46d2be10ad58b68a28a0a9b59a63ca5e59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 49098358dbea38a7fd986ba44801eee2
SHA1 8d7feeac3117e8b0a7c1ed2f1a5c9928d7b622b2
SHA256 8e0b261f25893381fd1d5fc1e2418ac00dbe9e1340e29f85da29bc72d22faf63
SHA512 fcf524c07192cc57db97aea77bba608ea63891cda706df70325e4f4f54b1755b99f3c9103a2555c1f045293ccd8629bc975e3b77499655317a37d7275f734620

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cf7542a5-4130-4c92-b335-fa0b616501a1\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cf7542a5-4130-4c92-b335-fa0b616501a1\index-dir\the-real-index~RFe5967e8.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\50f64412-4489-491b-bed9-38ede7831f6f.tmp
