Malware Analysis Report

2025-01-02 05:18

Sample ID 231111-fhv5lsca25
Target f51d9403abd3f054e2b268606f4fe2ca98e1c59031215b6adfbd835cfec5446d
SHA256 f51d9403abd3f054e2b268606f4fe2ca98e1c59031215b6adfbd835cfec5446d
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f51d9403abd3f054e2b268606f4fe2ca98e1c59031215b6adfbd835cfec5446d

Threat Level: Known bad

The file f51d9403abd3f054e2b268606f4fe2ca98e1c59031215b6adfbd835cfec5446d was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

Mystic

Detect Mystic stealer payload

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 04:52

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 04:52

Reported

2023-11-11 04:56

Platform

win10v2004-20231020-en

Max time kernel

163s

Max time network

205s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f51d9403abd3f054e2b268606f4fe2ca98e1c59031215b6adfbd835cfec5446d.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\f51d9403abd3f054e2b268606f4fe2ca98e1c59031215b6adfbd835cfec5446d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1648 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\f51d9403abd3f054e2b268606f4fe2ca98e1c59031215b6adfbd835cfec5446d.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe
PID 1648 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\f51d9403abd3f054e2b268606f4fe2ca98e1c59031215b6adfbd835cfec5446d.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe
PID 1648 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\f51d9403abd3f054e2b268606f4fe2ca98e1c59031215b6adfbd835cfec5446d.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe
PID 1760 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe
PID 1760 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe
PID 1760 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe
PID 1880 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 4140 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 4140 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1880 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1312 wrote to memory of 4504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1312 wrote to memory of 4504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 640 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 640 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4140 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4140 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4448 wrote to memory of 984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4448 wrote to memory of 984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3980 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3980 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4152 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4152 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3984 wrote to memory of 4004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3984 wrote to memory of 4004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2560 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2560 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 2160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 2160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1760 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2jl9213.exe
PID 1760 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2jl9213.exe
PID 1760 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2jl9213.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 6112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\f51d9403abd3f054e2b268606f4fe2ca98e1c59031215b6adfbd835cfec5446d.exe

"C:\Users\Admin\AppData\Local\Temp\f51d9403abd3f054e2b268606f4fe2ca98e1c59031215b6adfbd835cfec5446d.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7fff4cc646f8,0x7fff4cc64708,0x7fff4cc64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff4cc646f8,0x7fff4cc64708,0x7fff4cc64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff4cc646f8,0x7fff4cc64708,0x7fff4cc64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff4cc646f8,0x7fff4cc64708,0x7fff4cc64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff4cc646f8,0x7fff4cc64708,0x7fff4cc64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff4cc646f8,0x7fff4cc64708,0x7fff4cc64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff4cc646f8,0x7fff4cc64708,0x7fff4cc64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7fff4cc646f8,0x7fff4cc64708,0x7fff4cc64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x17c,0x180,0x184,0x158,0x188,0x7fff4cc646f8,0x7fff4cc64708,0x7fff4cc64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff4cc646f8,0x7fff4cc64708,0x7fff4cc64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2jl9213.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2jl9213.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3901792898197875511,17255508875985291778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,18101146326982276704,4994706907406583649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,18101146326982276704,4994706907406583649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3901792898197875511,17255508875985291778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7176944646445301523,17214880312038294025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7176944646445301523,17214880312038294025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13806114182065927415,7769201967133696463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13806114182065927415,7769201967133696463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,3476396252283245915,3479549235624930976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8039720009412591834,16706942303695080845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8039720009412591834,16706942303695080845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6012397593888546946,12924399961407590649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,17942984176367548283,9104476014852612861,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11562109917856994142,11565921940198857817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11562109917856994142,11565921940198857817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,17942984176367548283,9104476014852612861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6012397593888546946,12924399961407590649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3476396252283245915,3479549235624930976,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 7556 -ip 7556

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Ix30Qx.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Ix30Qx.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1480,16464335126445893685,7153684492410492276,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9960 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 157.240.5.35:443 www.facebook.com tcp
US 157.240.5.35:443 www.facebook.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 steamcommunity.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
N/A 224.0.0.251:5353 udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 3.210.187.106:443 www.epicgames.com tcp
US 3.210.187.106:443 www.epicgames.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.187.210.3.in-addr.arpa udp
US 8.8.8.8:53 113.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 254.3.248.8.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 abs.twimg.com udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
NL 199.232.148.159:443 pbs.twimg.com tcp
NL 199.232.148.158:443 video.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 104.244.42.133:443 t.co tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
DE 172.217.23.214:443 i.ytimg.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 22.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
NL 142.251.36.14:443 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 www.paypal.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 54.146.192.0:443 www.epicgames.com tcp
US 8.8.8.8:53 0.192.146.54.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe

MD5 81c89bb9cf8991cf22a19df827ef70fc
SHA1 786576e1f6dca44db4f10452bd6304cb9fb29f70
SHA256 212cc89960adad12bad2d21d08960196239950ac45fdfb6858c09fa7577992c8
SHA512 2640959079a3e41a979e8adaa6b4c6f1ce22c65784c6bf67f91724342b328d9096991be87259ed8ceff1c2b59ba2deb8bca4a41905c5ac18065747dea46296f0

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bg9Sv20.exe

MD5 81c89bb9cf8991cf22a19df827ef70fc
SHA1 786576e1f6dca44db4f10452bd6304cb9fb29f70
SHA256 212cc89960adad12bad2d21d08960196239950ac45fdfb6858c09fa7577992c8
SHA512 2640959079a3e41a979e8adaa6b4c6f1ce22c65784c6bf67f91724342b328d9096991be87259ed8ceff1c2b59ba2deb8bca4a41905c5ac18065747dea46296f0

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe

MD5 c213541c971492075b179a49cd5a4974
SHA1 42e5387b398e168274aeae4c7db57bfd61416250
SHA256 4b083ab6fe6a6fb03f5e03c9aeb930763655de7e5b2d30cb8f32439b97944190
SHA512 869979177bcaf18b418a15300c221bbae71889a35ebfdefe1d2a29b5d664c35d56b5814f71f7a4569f37c924a3bd258d7ae7cafeef90feca6253e9094a7aa769

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1wB75SO2.exe

MD5 c213541c971492075b179a49cd5a4974
SHA1 42e5387b398e168274aeae4c7db57bfd61416250
SHA256 4b083ab6fe6a6fb03f5e03c9aeb930763655de7e5b2d30cb8f32439b97944190
SHA512 869979177bcaf18b418a15300c221bbae71889a35ebfdefe1d2a29b5d664c35d56b5814f71f7a4569f37c924a3bd258d7ae7cafeef90feca6253e9094a7aa769

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2jl9213.exe

MD5 b3ce354edb895bb87b53a344bca9c915
SHA1 64d64820920298bfe5d37a13de1976b1767aea24
SHA256 099c4386f5ae6860e0426cf85b3320e110de83d6b4a523b39ad45235cc5c3f77
SHA512 0ca3371dd3b1852138ba625f5451972b0f5c6ade805ec4f686aea8312c5c182424b533a2eaa1f43619f1037ce5831c9d777c9d14769e94d7cabb66bb0a0b0e62

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2jl9213.exe

MD5 b3ce354edb895bb87b53a344bca9c915
SHA1 64d64820920298bfe5d37a13de1976b1767aea24
SHA256 099c4386f5ae6860e0426cf85b3320e110de83d6b4a523b39ad45235cc5c3f77
SHA512 0ca3371dd3b1852138ba625f5451972b0f5c6ade805ec4f686aea8312c5c182424b533a2eaa1f43619f1037ce5831c9d777c9d14769e94d7cabb66bb0a0b0e62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_3980_DPFYLLEMZUNTCVTM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_3984_ADQQFUSPVHANQXRA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2560_WVCKNRMHZCKNUXSH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4152_SYPIQRQSIENOYCGN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1312_BTKPKHEPCJBDANXA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4764_SKBZEXEUSIYZXMEZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4448_HFAJYLNXBPXAALVZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4660_JWSBYXDXESLCIRDX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_640_HZGTUIUXUSFUNBZQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4140_OVFMJJWYXNQJPHBA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b049293bf4a143c54561eeb88180c16f
SHA1 037d4975242d595913e09c5cd88c327db1f3a82a
SHA256 0b741559bd6c8f90547737edb770633dc0fbe6e414e57d44806957b40e4dcf5c
SHA512 5d9baa7848957a2b4b8b70af32390bc68dd9f4c593cc38f5d6cdc2748334405b13c60814ec583679b1d6ff20af74fad776605514ef5be2ff6975c2ab0edb05a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1a46367b-3cd8-4b4b-a7e0-070bcec0b37c.tmp

MD5 5c444b9992b352dcfa615fb5ffc7a384
SHA1 37cdaddfd0da4d55be7d44e5c8736946a6cf314d
SHA256 6b39179b56849873ccbdb59a4666b71cad3cd96a0280221882bb145c6696ebab
SHA512 440a35b82f17bcf11d42a7e7d8ddc108c3ea42d5f64e26739e28734bc5498ff138306eff7f770302b4409446dd0dfe09e349760e2b34fd07968c5eef6160a1ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e28a5196-6f53-4093-847d-3b61aa28f524.tmp

MD5 d499330ffbe11323e4d1ec70ae7291db
SHA1 5482c4bc89389e996e6fff388424ae8bc67e13db
SHA256 3df032e3e9e776e3624b0ec3762d59396f46a8f04cb6ac46ba110873083c5065
SHA512 e8164ac8892e1bad816310c8fd3f442575ed308cd82832ad2ba9c85d7b5b166a67a5762794497e8aab8d47a4919f6f582ba7cd9399901a3791125b2184096850

memory/7556-226-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7556-227-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7556-228-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7556-230-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fd7eea7e-4316-42ec-8c48-f949671a7d0a.tmp

MD5 2ce159f32816d0d27236fd94fd269192
SHA1 848b6a789c7220da7d1e9815d494957d6368f21b
SHA256 d17fa125141af8f75f43ed80d53ad261aa86c0ad86ff5a9c7b892b44de470f7e
SHA512 6fd6ae89d3de16d074296b4cc8c1e35021394c630c11f434124627cc31a23e4a22d6988c446c7dc577ffaa2ce040a3c923b5b69c41feb9357815d2b055e7cd0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e8bb399b-1ffd-45c8-bfdc-f3aa5e00d369.tmp

MD5 103da5f97402ef21292a26d16367f56f
SHA1 1e1e8dddc24557c17574036cc08f1bfe909af40f
SHA256 4ed3153c7a3e5a3b92f83cb0bd5e8cd10f8bb235382d670e64e6d14f221921ee
SHA512 1be081d630f4b6b7890cc05b4b6515768ca311ce2de2548039bc2f2447b2bce727a3baf39ff85aa8efded0f4dbfa2f13fdec3c5c6bdc43fe00bd0891b332534d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d499330ffbe11323e4d1ec70ae7291db
SHA1 5482c4bc89389e996e6fff388424ae8bc67e13db
SHA256 3df032e3e9e776e3624b0ec3762d59396f46a8f04cb6ac46ba110873083c5065
SHA512 e8164ac8892e1bad816310c8fd3f442575ed308cd82832ad2ba9c85d7b5b166a67a5762794497e8aab8d47a4919f6f582ba7cd9399901a3791125b2184096850

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2a47c072-2b9b-42f0-acc5-67bd29c22ff3.tmp

MD5 158126d9d1b62be6c3d1d84563483663
SHA1 7d6a8647d1c7bbb1443da9ae056d518075e3fe2e
SHA256 c64af33ac13d2ae6b6e019b4df0529be40a431a697f3af5721ec057125ab6ff9
SHA512 9e231d9ea6082426101a0d1ee3c43cbf8d9cea2bdb7095ff4ab4ec0c41cb13b5d4a053ec581eddc82147b9035800c3f37186c4570e8a7a257c198bd576753554

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\21c0ed31-9b21-43e0-ac45-6d12d3715999.tmp

MD5 be19f09b27a60b7a02c78bb761a828de
SHA1 740bba361bfe190206f1645f8af0c1e2325766b2
SHA256 493e9fb6743c956384163386d3cc2b7218b02b7d50d55fbeea3e05b311bb4acb
SHA512 dadbb17a28b30cdf81b39e6daa9a4d193710cf3ef8b17c1ff3e59cf9a9ca8c64ecaf7488edabc02bc9d2b222ac15c0c81b25c40315bdea4271d20a21c8a96012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5ef53b1b-6106-4053-9308-9eab47c269d5.tmp

MD5 de79706ea284db371ccac6ae1a8caf85
SHA1 a9a40f4ca8cfbf9a3defe8bab15ef56d2eafe818
SHA256 70a72b031c9becb8ac4d99373539967ae39fe4d6a73439db1398e8f210e43ba3
SHA512 c0167ec586c9c4e1d17ad5057063b6803e8aad72d9dbf6b02ed44348e71aa54a91e6fdbcbdd99e715bf9e32dfd4afc88bae63e9fdb725d319a7869d131653bd0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1299e7d0-213a-491f-a60b-dc5743839e9c.tmp

MD5 b049293bf4a143c54561eeb88180c16f
SHA1 037d4975242d595913e09c5cd88c327db1f3a82a
SHA256 0b741559bd6c8f90547737edb770633dc0fbe6e414e57d44806957b40e4dcf5c
SHA512 5d9baa7848957a2b4b8b70af32390bc68dd9f4c593cc38f5d6cdc2748334405b13c60814ec583679b1d6ff20af74fad776605514ef5be2ff6975c2ab0edb05a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\24506179-81bb-4b44-89c6-cddadc8671e0.tmp

MD5 d7dbe50921a2353fb24a6d2cb5bcfefd
SHA1 6787b5c0f3c67db3e07ab72702a0e1ebdda3fff7
SHA256 3cf9aac59ec0bfe0e72eb41dd0b2cc6663838aaa38535bab27bbecd588c88509
SHA512 1488830db87f319289ae247547813c4910df1543f0b63b724b105f29d2222129461243adeb1c494cddb8a0c262b93f29237283f544b511fdb25041542ec0892a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 87393fd1aea067a05fcb3f21a0770ca0
SHA1 cccc5462b36fd8e6e5bd361645c7af0d56062224
SHA256 74d3bfc19fb32bd5d6b644d48fe63bd4e1694f4d8b0640e844e9818bd2c5a7ef
SHA512 5147e910a298f70c8da7d0827af9511e16116829d79f1c42b4b2b07f8beead1a7581556fc68811528f994990695a723008b3f44a3de5232115e6b5ab8f7998b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 87393fd1aea067a05fcb3f21a0770ca0
SHA1 cccc5462b36fd8e6e5bd361645c7af0d56062224
SHA256 74d3bfc19fb32bd5d6b644d48fe63bd4e1694f4d8b0640e844e9818bd2c5a7ef
SHA512 5147e910a298f70c8da7d0827af9511e16116829d79f1c42b4b2b07f8beead1a7581556fc68811528f994990695a723008b3f44a3de5232115e6b5ab8f7998b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c6bdcc2c43652f6d5d6a1d1631dbb3bc
SHA1 0ee516e797d88f96c155209f7cf10788a01e8f8d
SHA256 e8b43d307dd534a5cc56d94ad6149be4d388b3a175492cd397c821252a6b0128
SHA512 bc21e18b99b8b6041ad3f6672f6fb197a1693ff2e9c9e1f817d155b6e48161dda7e8dd83adc8204e0b69e7b4e0752393dd8e71244841362c68b13d0c2b2ac6f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b049293bf4a143c54561eeb88180c16f
SHA1 037d4975242d595913e09c5cd88c327db1f3a82a
SHA256 0b741559bd6c8f90547737edb770633dc0fbe6e414e57d44806957b40e4dcf5c
SHA512 5d9baa7848957a2b4b8b70af32390bc68dd9f4c593cc38f5d6cdc2748334405b13c60814ec583679b1d6ff20af74fad776605514ef5be2ff6975c2ab0edb05a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cb9f1d38da22c45f0530f283e6ec2e62
SHA1 7d56a62b7184709db0042020bf226f383507df80
SHA256 8e0ac32892378e4a0f2d0d544b91f22cf1f2f3884136174c6f399c4ee0fd3483
SHA512 e00cc8e2afcfb5313fa8d1d6764a59284e36d02a37bcb7db7651b296a223b2e315eebfac6230dd9da92475b644cb4f4139b4785092462e407f129b8c58f4a54f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4c39718723abc771f14d7357b8121ff8
SHA1 2cd114cd709a39241de2e92d4bef93f2e38b268b
SHA256 4a23cd9ae894ea316dfac4f3004a2a55173ba95f2b879631e719a73dd28b3e22
SHA512 31452bcc911704be28cebb29612509aa16371dec918b716a8139247e8386436ca0e5498af8fd20abb7a9fb0eaaf6b6c8a15b35e0681ab74253b54a2b062e6bee

memory/6944-514-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6b3841f739793e42c1a6914f02a797a3
SHA1 f75dc48f89cdfca6b83e9dca3967d2abc6057b09
SHA256 a6dd2f90402c6116027f8b3afdc596864bc838ef41508fc5301bbc00dbb6f7c6
SHA512 01ae4c2a8a084053cb160b36c13ddcb3c19672c7d8ae83e498be31b80d22630f26003246b702b6b47b3869471ec16e5a3e4724250fd6ae5b264cd2c61eec9c64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e7ded3e9eac16697c40e02991e069b3c
SHA1 7bd6a744c345f75a4b0b38697e3bf1f3385458ae
SHA256 3ea245bce6a6bc2ad50954401539a7e9861a9bf683a672b89cedbba704f7c97a
SHA512 d6cb7110bcfb1d57cc9e847b2c2677462ee820eb56a4a50ed4dd51a89505438f60f177e4b687e314a704018b9f91a135228b7c8fc17946abc86c9cb8fb5d5ce5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e05436aebb117e9919978ca32bbcefd9
SHA1 97b2af055317952ce42308ea69b82301320eb962
SHA256 cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f
SHA512 11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

memory/6944-668-0x00000000742F0000-0x0000000074AA0000-memory.dmp

memory/6944-679-0x0000000007DA0000-0x0000000008344000-memory.dmp

memory/6944-684-0x0000000007890000-0x0000000007922000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 64f1f67e22b239660205b604e5e78f97
SHA1 2345691b7d603519c52d18ae089139ed586824f5
SHA256 1a4d8c8f24dfc52d21833ac85c6aa493053675d372e22cd27b91acaa6a230e27
SHA512 edd73de2478b01998c7a46584d6ee89aa40be0a199c8832bb65e0b2b467a77e0bfa552db2bc71baf010ad72849785490c0a65e7603a46c31a34346b8d0d0e01f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a6d71.TMP

MD5 1ca2f87eef4a229690e3c3aac600263c
SHA1 bf995d11db85a0f7261c073bf1327de897482ee7
SHA256 200ef5cbfcfbffe1fe99a53aa22041d6c288c8402802c9c87bb9205b31921e19
SHA512 ebca556bcdddc4380d449a70d54101090f0bb8bb8ec05c72d5e52509e6e18a4973444d533a4884083ec663f706d407ac4fc375b0f0a742dfdea2365903029b86

memory/6944-744-0x0000000007A50000-0x0000000007A60000-memory.dmp

memory/6944-762-0x00000000742F0000-0x0000000074AA0000-memory.dmp