Malware Analysis Report

2025-01-02 05:16

Sample ID 231111-fpm3kscb79
Target 5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2
SHA256 5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2

Threat Level: Known bad

The file 5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

Mystic

Detect Mystic stealer payload

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Detected potential entity reuse from brand paypal.

Suspicious use of SetThreadContext

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 05:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 05:02

Reported

2023-11-11 05:06

Platform

win10v2004-20231020-en

Max time kernel

180s

Max time network

184s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3272 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe
PID 3272 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe
PID 3272 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe
PID 1620 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe
PID 1620 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe
PID 1620 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe
PID 112 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 4336 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 4336 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1480 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1480 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 3432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 3432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1820 wrote to memory of 220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1820 wrote to memory of 220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3276 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3276 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3476 wrote to memory of 3824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3476 wrote to memory of 3824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1668 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1668 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1620 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2KW2218.exe
PID 1620 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2KW2218.exe
PID 1620 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2KW2218.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2.exe

"C:\Users\Admin\AppData\Local\Temp\5b54c0468357f58ed54776adce9ba78e301a4a45752ce77b07edb7411c276aa2.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x170,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x108,0x16c,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcff9546f8,0x7ffcff954708,0x7ffcff954718

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2KW2218.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2KW2218.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13543672565165526063,1884608261014124671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,2962349362266794220,2380799901715870200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,2962349362266794220,2380799901715870200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8820224234328036208,11168590051437523696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8820224234328036208,11168590051437523696,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6027766690563213035,15733284951071437856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6027766690563213035,15733284951071437856,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13543672565165526063,1884608261014124671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16059057698454224547,16312646935363437827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,15659324265795181131,10925420250393221121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,15659324265795181131,10925420250393221121,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16059057698454224547,16312646935363437827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,11290518139219687435,16389982640173545607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11290518139219687435,16389982640173545607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7124504774288245117,10865718037985805770,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4443219288201956545,17370441448887692575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4443219288201956545,17370441448887692575,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7124504774288245117,10865718037985805770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3pj18jX.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3pj18jX.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5264 -ip 5264

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 540

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,15595810857731482302,9183358190374446119,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6904 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 120.208.253.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 121.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 steamcommunity.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 twitter.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 3.210.187.106:443 www.epicgames.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 106.187.210.3.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 113.39.65.18.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 93.184.220.70:443 pbs.twimg.com tcp
US 8.8.8.8:53 t.co udp
NL 199.232.148.158:443 video.twimg.com tcp
US 104.244.42.5:443 t.co tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 194.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 5.42.244.104.in-addr.arpa udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.23.214:443 i.ytimg.com tcp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 52.111.229.43:443 tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 157.240.5.35:443 facebook.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 b.stats.paypal.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 151.101.1.35:443 t.paypal.com tcp
NL 216.58.214.2:443 googleads.g.doubleclick.net tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 2.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 104.244.42.194:443 api.twitter.com tcp
US 104.244.42.194:443 api.twitter.com tcp
US 104.244.42.194:443 api.twitter.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 rr3---sn-q4fl6n6d.googlevideo.com udp
US 173.194.57.200:443 rr3---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.200:443 rr3---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.200:443 rr3---sn-q4fl6n6d.googlevideo.com tcp
US 8.8.8.8:53 200.57.194.173.in-addr.arpa udp
US 173.194.57.200:443 rr3---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.200:443 rr3---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.200:443 rr3---sn-q4fl6n6d.googlevideo.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
NL 142.250.179.163:443 www.recaptcha.net udp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 172.64.146.120:443 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 172.64.146.120:443 tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.19.219.90:443 newassets.hcaptcha.com tcp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
NL 142.250.179.141:443 accounts.google.com udp
RU 5.42.92.51:19057 tcp
US 172.64.146.120:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe

MD5 041142db93fe3824943a10724020fc68
SHA1 fa3961dbdd983d7d20a141dd24d3fe237650af96
SHA256 64d7a28852b35d313a7e73cc7c785795ca3e5cb36c2106fb562814c3963d60ca
SHA512 75744ba228fcb6fe00ed24e3d1803b6df9c16b65eaafcdfbce3430b2facdddad5f9955653173dcf2025637d18a90101d5ea2393a0217e75d5e45d7a6ab9ccdee

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sv0fl66.exe

MD5 041142db93fe3824943a10724020fc68
SHA1 fa3961dbdd983d7d20a141dd24d3fe237650af96
SHA256 64d7a28852b35d313a7e73cc7c785795ca3e5cb36c2106fb562814c3963d60ca
SHA512 75744ba228fcb6fe00ed24e3d1803b6df9c16b65eaafcdfbce3430b2facdddad5f9955653173dcf2025637d18a90101d5ea2393a0217e75d5e45d7a6ab9ccdee

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe

MD5 a59c1c432e355ef8e546d6eff6561e4a
SHA1 f8cfb13348abf3e94927ac82fedf1a83bd9c2b0b
SHA256 f543f63443e1860ee8de7f32fb74f7ea10def4b376131237efa85f44f5d9c223
SHA512 66a47268f17d4f0a708fb65379567706956a2da54af2617de871a027b9c51c4c1d02853b2537432d3e36c4a1b5b9a375e67cf2a2cd25523b2c53a28f51c052f5

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xY66zl3.exe

MD5 a59c1c432e355ef8e546d6eff6561e4a
SHA1 f8cfb13348abf3e94927ac82fedf1a83bd9c2b0b
SHA256 f543f63443e1860ee8de7f32fb74f7ea10def4b376131237efa85f44f5d9c223
SHA512 66a47268f17d4f0a708fb65379567706956a2da54af2617de871a027b9c51c4c1d02853b2537432d3e36c4a1b5b9a375e67cf2a2cd25523b2c53a28f51c052f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2KW2218.exe

MD5 3322929a4f9286c5062971cfa79bcd19
SHA1 d66b0c21f593119c60e4cd8f9ee1d72c3bc170ae
SHA256 72d6b4406c2783fdafaf4fee4f8568ed277219c53742f55264527b9c3adc809e
SHA512 cbe33e987f1a51155ff138ef51720df9558743949a6adedbfe81ec49d3c994d509eff6bd18216d9cf13190104d72779c268f5b90532c9d976db9fa3dcf867bb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2KW2218.exe

MD5 3322929a4f9286c5062971cfa79bcd19
SHA1 d66b0c21f593119c60e4cd8f9ee1d72c3bc170ae
SHA256 72d6b4406c2783fdafaf4fee4f8568ed277219c53742f55264527b9c3adc809e
SHA512 cbe33e987f1a51155ff138ef51720df9558743949a6adedbfe81ec49d3c994d509eff6bd18216d9cf13190104d72779c268f5b90532c9d976db9fa3dcf867bb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_2516_REHIJNJPCEBINQVO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_940_AGIUPBPKTYOVQBNP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4252_UZYEJFHBGLWPFYOZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2996_SSPJNMYDNMFWNJIN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_4336_AOYZVVNQQNXSEKND

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1668_TDBSVJGQSSPBBZTH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1480_XDQNHFUEAVWJZEGP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3276_MXAVWAPGZXSIPUZY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1820_OGOTRRREAEIQMHFL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 10c9988e4cb2834f669dfab68ff84842
SHA1 b2f9eecc4479c928c871a00964d48a28054c105c
SHA256 f90a3d962db8870d210b23d382b4ed01e9a8e7f02d303e5b99e94fb4daab5e0d
SHA512 9b773b747e7b29739c526b847039dfe70664259baa1967967d5d1c1cba01062fc66f95edf5356dd4c67a7fecb967484ab5cb13aa2069d3d0a2bbeba44fdd89bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 54096c3d796db4a22a2ef4c5a8aeef73
SHA1 c20082d4de4e8ee96ae58a0d993d0882ccf8ba18
SHA256 7e4bb1b78ba433d140b30ff6124df1fec1c3d268e5023257da343fed7f4fee5b
SHA512 3b38aa62a222b8e1b95f6e834d0a8c7510fa07ce4d7b656780365b639c3af02219fac0ea5eb443de3c9330a8e59f413225e2ca0866de4271b4de3b6768ea7685

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 54096c3d796db4a22a2ef4c5a8aeef73
SHA1 c20082d4de4e8ee96ae58a0d993d0882ccf8ba18
SHA256 7e4bb1b78ba433d140b30ff6124df1fec1c3d268e5023257da343fed7f4fee5b
SHA512 3b38aa62a222b8e1b95f6e834d0a8c7510fa07ce4d7b656780365b639c3af02219fac0ea5eb443de3c9330a8e59f413225e2ca0866de4271b4de3b6768ea7685

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 27be6d1808df422128f21e9bcb026ae2
SHA1 d8a42ca9d141e4e8f67fa4ef2cbcd83c8ff37641
SHA256 6c8a92555c4e5de9f4a2b29241a6916da3cffdfd2b53d6ed926a658362cca96d
SHA512 077e4f63830e8b0960007adcfd3e59e9c521e7230cfa0ba55acacb567d3032860963423061478c76e0b85c42229589164cda0cdddd855e73c3309678fad953c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a037b167-0640-4edc-9bb3-63c4d79142ed.tmp

MD5 2a6f723307dece95ad20511c28082b8d
SHA1 8a49dfe20a490a86786462d4a2abeca3e3f84702
SHA256 de338fdaa79eff7127b1a3a8bc90380206a1e806a59b9177a7282ef462de6fe6
SHA512 f305a0a1dee0c7f6d6ae876bf1d4e22947ecb0562d2f42db332f70f105ec17ef0e241f4b8c26019998a35bb47cc3c072b400cd1697df19b3df99b9dbe260ba9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 27be6d1808df422128f21e9bcb026ae2
SHA1 d8a42ca9d141e4e8f67fa4ef2cbcd83c8ff37641
SHA256 6c8a92555c4e5de9f4a2b29241a6916da3cffdfd2b53d6ed926a658362cca96d
SHA512 077e4f63830e8b0960007adcfd3e59e9c521e7230cfa0ba55acacb567d3032860963423061478c76e0b85c42229589164cda0cdddd855e73c3309678fad953c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3e69500da1c5e74a79974106a57add9b
SHA1 cdda14dfbeec1e3467d1bfc2a9969e774dfec5cd
SHA256 6158c1f6fae1551c83abf567db9e05c054e22ed33bd64d268fc4abc7ac0f0b8d
SHA512 ff868c134764e4070e2ba05f341a33f21df620d5df7d40ec639a58656124302ffe41e0aacca8e7b3429de95a7f81b74815ed3e748af21e51fb5f0049cee4afb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2a6f723307dece95ad20511c28082b8d
SHA1 8a49dfe20a490a86786462d4a2abeca3e3f84702
SHA256 de338fdaa79eff7127b1a3a8bc90380206a1e806a59b9177a7282ef462de6fe6
SHA512 f305a0a1dee0c7f6d6ae876bf1d4e22947ecb0562d2f42db332f70f105ec17ef0e241f4b8c26019998a35bb47cc3c072b400cd1697df19b3df99b9dbe260ba9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3e69500da1c5e74a79974106a57add9b
SHA1 cdda14dfbeec1e3467d1bfc2a9969e774dfec5cd
SHA256 6158c1f6fae1551c83abf567db9e05c054e22ed33bd64d268fc4abc7ac0f0b8d
SHA512 ff868c134764e4070e2ba05f341a33f21df620d5df7d40ec639a58656124302ffe41e0aacca8e7b3429de95a7f81b74815ed3e748af21e51fb5f0049cee4afb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 10c9988e4cb2834f669dfab68ff84842
SHA1 b2f9eecc4479c928c871a00964d48a28054c105c
SHA256 f90a3d962db8870d210b23d382b4ed01e9a8e7f02d303e5b99e94fb4daab5e0d
SHA512 9b773b747e7b29739c526b847039dfe70664259baa1967967d5d1c1cba01062fc66f95edf5356dd4c67a7fecb967484ab5cb13aa2069d3d0a2bbeba44fdd89bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 527215ca4d11004cd52e0338761b00c1
SHA1 9596e8a7f378688d5b5811d5c804f2e1c32072cd
SHA256 f30645bac84d447e4f96c062cc2274e2130f8c60253e49d6c2dafecdc48d3951
SHA512 c0691ea076dd40ffe2dc073d3576406029529099c8bcfdaed732a12d848767ae6c94d17a91fd5f428f59de5deaeee1db8425a1cee1e1873c3288e32d6265bb8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5bcba4c4-e8bf-4516-ba77-7fed4f42af18.tmp

MD5 d5ab8fb5e582f59f1add5cd23b210fa1
SHA1 feef761e0f6b84bdba28d145ea52bb2fcddb375d
SHA256 5e67bc16bab58b3da858e9218c1be243864471eedb1d8bd35e4b0dcf07e9ae9b
SHA512 5cc15bf29eaa72f5c478886531fc90f0b25c1dc50bd7901253de0f8b2c2cfd06544dbcea0d898f47608245506b203115d6c29451ce488c1c14df640f1e97c7fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d8dddf6221c614a332cd3ecee010a9db
SHA1 7091c772af7a40be402bafe5fe97070965ce3fd1
SHA256 999829e380bf4213f0a344870b73db9e786d29b5354b90807704ca1a286ea188
SHA512 294c45b1792a1c3cd8bfa81806272c08f1c3158a1ac6b7cc510052dd25310521200619e77bb8255e17e37d68fba662cd49b7de72bc7b9fe74f8b01ac7202f059

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d8dddf6221c614a332cd3ecee010a9db
SHA1 7091c772af7a40be402bafe5fe97070965ce3fd1
SHA256 999829e380bf4213f0a344870b73db9e786d29b5354b90807704ca1a286ea188
SHA512 294c45b1792a1c3cd8bfa81806272c08f1c3158a1ac6b7cc510052dd25310521200619e77bb8255e17e37d68fba662cd49b7de72bc7b9fe74f8b01ac7202f059

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9759ccc2-1aab-4b30-b428-0f3529af9c43.tmp

MD5 e96b8a3a617c7074164a793fb0851092
SHA1 de42ea1d39afc4ca91b34a85dc58937eaf5e5f61
SHA256 2c114ee661b84bd14953c04363d4efd14a53ad15eec1aa60ea2fe2b572819da5
SHA512 8820e3cfb7bd215efa2cb486c0ae3442d1aa5e4cbc7ec80bbed692e1beb0e25fd77fe8a0d0ee80c46929f19cd0a61957015281ee9dd436b4530f339404e4e9ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d5ab8fb5e582f59f1add5cd23b210fa1
SHA1 feef761e0f6b84bdba28d145ea52bb2fcddb375d
SHA256 5e67bc16bab58b3da858e9218c1be243864471eedb1d8bd35e4b0dcf07e9ae9b
SHA512 5cc15bf29eaa72f5c478886531fc90f0b25c1dc50bd7901253de0f8b2c2cfd06544dbcea0d898f47608245506b203115d6c29451ce488c1c14df640f1e97c7fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 527215ca4d11004cd52e0338761b00c1
SHA1 9596e8a7f378688d5b5811d5c804f2e1c32072cd
SHA256 f30645bac84d447e4f96c062cc2274e2130f8c60253e49d6c2dafecdc48d3951
SHA512 c0691ea076dd40ffe2dc073d3576406029529099c8bcfdaed732a12d848767ae6c94d17a91fd5f428f59de5deaeee1db8425a1cee1e1873c3288e32d6265bb8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 88bb7f0400eba5cebec0a7cc44cbdc7a
SHA1 9216caa6ed70231d4dfb00674514502a70c103a3
SHA256 07a6ba7dd1e394ea111ed769b07dcd000bfe2c18ad95dda5e94ccb5eaa6663e4
SHA512 2157121a66c58af0cea1cf59f1991d652d5aa96281174670f5993e7a0605f89001e85e7ac6570b4dc5a07b366c0bef4265f3aa29f2732aae575348e2cbf9d15e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b8e875176c7704083df8357739ae9253
SHA1 1b67808b063769d95c0a3ce6d1974ef4ec8d41c5
SHA256 10df8554ae973ecc0870a84720d7354b02ca231301ef8fb4a750e8a282c7b00b
SHA512 cd4ff9daed8033bcf7705bb20b476d3945d22609048d6a17ce6311bb2747253c582059e913a64e024ccba11d7ed78b3e3bf1236996bfa588fb3980077ccfc6a9

memory/5264-392-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5264-395-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5264-394-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5264-397-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f329d686d670ac8846e1cfe141d3ceda
SHA1 262ddfd6ff284b5832d232df9c32aac052d0ecda
SHA256 560983f5155117857276799e09cbe8bfd19c59d9141b264b56b35ab6c4a79958
SHA512 2702d49efe9133dd1b855f3d83c39824949e50de6067f890c5cf5506f3a7dd048fb50f9bec13af950911865728b5bd7052d668e88ac9e42f1cc800337e6928cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 fd20981c7184673929dfcab50885629b
SHA1 14c2437aad662b119689008273844bac535f946c
SHA256 28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22
SHA512 b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

memory/5236-417-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 664548c184a673c4e0d1adebb6183d1d
SHA1 109adcc82ccaa385e9729b08671b72dd74600f5a
SHA256 b3d931716f2a811edfb0899a379e42af704c0e73f57a7800ae6377db969a0488
SHA512 813637c75fe1726385e665b3036a42903cae985ffaa8b1e890fb48a09eda7df346db9a71e75754d3cf9994a70e3cf07ffd1912f66e21e5c93cfa4417cd694399

memory/5236-537-0x0000000073AF0000-0x00000000742A0000-memory.dmp

memory/5236-538-0x0000000007BE0000-0x0000000008184000-memory.dmp

memory/5236-543-0x0000000007710000-0x00000000077A2000-memory.dmp

memory/5236-573-0x0000000007960000-0x0000000007970000-memory.dmp

memory/5236-605-0x00000000078F0000-0x00000000078FA000-memory.dmp

memory/5236-638-0x00000000087B0000-0x0000000008DC8000-memory.dmp

memory/5236-662-0x0000000007AC0000-0x0000000007BCA000-memory.dmp

memory/5236-667-0x00000000079E0000-0x00000000079F2000-memory.dmp

memory/5236-669-0x0000000007A40000-0x0000000007A7C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/5236-675-0x0000000008190000-0x00000000081DC000-memory.dmp

memory/5236-719-0x0000000073AF0000-0x00000000742A0000-memory.dmp

memory/5236-724-0x0000000007960000-0x0000000007970000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe597d16.TMP

MD5 33b6aecbf075d59ce0f064da8c4ac893
SHA1 a77997324971c6392c514ccda5f2a2160b9efbbf
SHA256 69ef6d6ad3efc005c8941c42b649d38cea026578164aca60a7f4aadb2c77821b
SHA512 7ac57f1604cf7e11bd464533aa1fc12cef39a0b47d1395a2e2c1d3fb3c92044de0060559149140fdbcf16cc187409139bef6128eac1c13b47b0deb816bf28c78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2e731d47975a258d0b4aa2904b419739
SHA1 03db3df29ec0d62feb33971b51fe1dd1d14f1ebd
SHA256 cddc0020f99aed7bdc567934f9a95e8bd0c6363c8f1c4940e00e00228e23da25
SHA512 52f2b0e024c1c12a78e9cb99b6fb0cb14692e360849e37c4328f0faca7cb54b07288dda44673c30037e7f4e7762c14456e0e1cd1299292cb962244990e558649

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b89571a9d2ce93c1cb272474c72ff03c
SHA1 74dd5d7b668289ec3ce67194de4cdc8333241d89
SHA256 41a8f178b5ab7795f314499b3b145e1e4f11b1f72f66bcefd8f3c6905399ca00
SHA512 0686f11437f1a3fb4d76f0c159b187acce8cc2c43243a65666ce709142e053e5badac9c2b158bcb606eb1fbb533dfab64db113f506506ad0690881315ed3affb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 12b682c6ae2d8eb7ba22ced6d596f758
SHA1 818ef01c928917635d16732bfee04b882b217a8f
SHA256 a85348fa5a311aaf9701b5c98f4b66b6b0c4571be3e3d71c92feb752545db0ef
SHA512 a79fdf685108ff46e00d96cc0c4f2a9b8b13ef37d7544329a6724c651fbce8bb6157aee6f6bb45ea338af896905fb20b3925a4f24fbce86d33337c408f163402

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 094336ab209c5a2f3621983aa3277758
SHA1 2c618ae1f032733a9a387f7643fab6be379c307b
SHA256 45fb9b5c6cf81e928b1cbe0c88b7bb47887cdb79c80714f41c91d43ff8fe0a69
SHA512 d27e414854db8d82fe2785923bcfacc1d2a73f917feadb64f0dcd0cd0a424d2d301ff396cba40a316c4938adb1086c24561dadc419c23c7ec3cb0ae41dbbc9f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c47eec14bd6d6e28888ecf43d2dd6fe4
SHA1 1f67a8753ec0c0de08f228fb429349478d2ab3ff
SHA256 cfa6e69eca58383273e46058b35009b2b0be19b918f6753f0c5188d8a41c9c85
SHA512 7e1c92682462349acb7f5705392e916620a10ada8af46d368de1d0f97f4447b907640045da49ce3e4dd1ec4802b12c8e81209bf4bae7495bde3b7cf5b0433e1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597d16.TMP

MD5 a18386dc38ab48ea772726b505718032
SHA1 db3a3239da708ecabd2380fca4164473a1e77b2b
SHA256 2e6c9fb56536fb60150bdc5308e009a444d6e42e7478801fc0a4920f081fea84
SHA512 1fbc9f69e42391cab8748cf7c52a7a145bcf759ac31b4977032d299c03a195feb9ea1d91dd9cc5b0a680f57ecb61183619181bf2983a073d77df785aeb717924

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9033ca590849d33db0b25cbdd60ca76b
SHA1 be226c06a45918cb24a5e15aa84e4d3280235c24
SHA256 e47e31fef977f35e14d755429dfa442e5e64f265b0b44f3932f548ea009e5f0c
SHA512 8f97c2db36ed81b133daf82371911254e635c51570e55fa48c4d896953f7b028c3518f99d7819d8b70867523ddcb91b52871ec34b08558151bae8a01df675ee2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0340ec87e766eb41ba1a5b9982b736e3
SHA1 3b7f236b7523eb5e81f9357dec1c1871ea5b6516
SHA256 92494584752353bf273fe750253a35c2e10979c5fdba3dfce5f2a4c87dc214f5
SHA512 663edd807bc2b43e586a77f490ee551762858e4ab0ef389eefed4c5f23cf61bc458f4624c19310e28822113dabc44b6e5f889ac700f4673d8966b9fb18ce7dd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f96839a6844d514d93e1521f5922b772
SHA1 a19390b72268a9c7d1328ebc3f8e261795b6bcbb
SHA256 a408bed38a3e899e0bfcf8570f0756c5d43c59b5ecf4b23eba68b59e22a6b2cc
SHA512 24ea86b68810cb2b06c6dbcf132f59d9009f611d84192e4319f3c318cebd3497bf93d51dc388578a50803f45e14f5b9d43ef2e4176d5d99abef9a85c0007dcca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 688f6451f16b57797236ffb956cd13c6
SHA1 6c89631a37d5fa4b8d4d1c064b2c51c37fae36a1
SHA256 906372be643cd2b332243d97f9436dcb66c1286b12826396df9243fef774bd8d
SHA512 03052a9cc2ab519adf3248973fbe5e17fa20d1d02f9f0fcc0e355ad16d3f9dfa7a92ebdc1b52daf6d555dd3e1249fd35b448245edb7fffa35a1453ceb4947adb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b2e446ee8df4e29d25e80b5ec242aa14
SHA1 064a18563f376ada7a4a3fb101d37878139dfde8
SHA256 ac98f4ef01db18572e396982c2252d8fb21fd91cbc419810b4966564dfded8ce
SHA512 7b25989b9078fafbe19f824847391594cb88a6d59f03209f1d7615099078c990a898c0d2ee94b7b7882a8fa100f7275ab8268647fb48cc06b86d354460ca93ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9005718909bf757a338724b640faaa85
SHA1 98819d109d4438070c96dbf1c72648c3632fd804
SHA256 aa37ab3cd4b782ec5eef3fe3ab914dfda509e5977c73bdaf761a90b06285188c
SHA512 e63da7802bde0768a2cdf4b8871a509dc2e64c94aeac1ac4583b31fb071d35be8c34de07d8c7cf2e0015fbd4e592ebf2c2ee78a53fc7b4d027db2f6b18ed50d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\77e21e0e-c734-4d4b-8092-2824a2a424cd\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 3524d4a95c857ad0ce4e0c32acfd02cf
SHA1 b2e01c6f39e878ead124a4bf82069f5177d81960
SHA256 9828f3c3ab72df148ebf86750ca031fe43fc9632f9f89141db4bae32f4e9b5f6
SHA512 39efdcf989a6585fd2d0cd8dcdc76a079ec152b759ad58e0b75d02773486e11b83c6b190467fa94fc4ef9880e7415f6969bcc1f4618e5b6a8676a9a4d0e4f0d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe598bea.TMP

MD5 c4bd48b8f3f6c4be918c9c1fe17c4e47
SHA1 ae2c6f704cada87af0b4d57c910769cb17f44bdb
SHA256 4c6043e6f830cc2341f8deb5b4be093d574ba6ae71e40ae465b7fa5038766759
SHA512 50317b7e9a24c53d4bdb925a8470c9c7b81aaeb1124936b404634eeed37e105323218d43ffc0ea7dd3a6df37c609cd444fcca1f0e267d2bdb0760724b0eb8797

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c