Malware Analysis Report

2025-01-02 05:16

Sample ID 231111-fv5vkscc94
Target ab28658e1e010977976ba2783d2c65cbaefa3d9242394863914f14762a2f6408
SHA256 ab28658e1e010977976ba2783d2c65cbaefa3d9242394863914f14762a2f6408
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Analysis Overview

score
10/10

SHA256

ab28658e1e010977976ba2783d2c65cbaefa3d9242394863914f14762a2f6408

Threat Level: Known bad

The file ab28658e1e010977976ba2783d2c65cbaefa3d9242394863914f14762a2f6408 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

Mystic

Detect Mystic stealer payload

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 05:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 05:12

Reported

2023-11-11 05:16

Platform

win10v2004-20231020-en

Max time kernel

196s

Max time network

206s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ab28658e1e010977976ba2783d2c65cbaefa3d9242394863914f14762a2f6408.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\ab28658e1e010977976ba2783d2c65cbaefa3d9242394863914f14762a2f6408.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eo8ni91.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE2Iz25.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1956 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\ab28658e1e010977976ba2783d2c65cbaefa3d9242394863914f14762a2f6408.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eo8ni91.exe
PID 4452 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eo8ni91.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE2Iz25.exe
PID 4468 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE2Iz25.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe
PID 4260 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1284 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4616 wrote to memory of 1336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 1568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4284 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4284 wrote to memory of 3800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2112 wrote to memory of 2692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5116 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 2100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 5152 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5152 wrote to memory of 5204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 5864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ab28658e1e010977976ba2783d2c65cbaefa3d9242394863914f14762a2f6408.exe

"C:\Users\Admin\AppData\Local\Temp\ab28658e1e010977976ba2783d2c65cbaefa3d9242394863914f14762a2f6408.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eo8ni91.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eo8ni91.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE2Iz25.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE2Iz25.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x148,0x170,0x7ff845bb46f8,0x7ff845bb4708,0x7ff845bb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff845bb46f8,0x7ff845bb4708,0x7ff845bb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ff845bb46f8,0x7ff845bb4708,0x7ff845bb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff845bb46f8,0x7ff845bb4708,0x7ff845bb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff845bb46f8,0x7ff845bb4708,0x7ff845bb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff845bb46f8,0x7ff845bb4708,0x7ff845bb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff845bb46f8,0x7ff845bb4708,0x7ff845bb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff845bb46f8,0x7ff845bb4708,0x7ff845bb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff845bb46f8,0x7ff845bb4708,0x7ff845bb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/


C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4MT0pL4.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4MT0pL4.exe


C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding


C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"


C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 8896 -ip 8896

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xg72PJ.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xg72PJ.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13464710560533670965,15458031888748372368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 /prefetch:8


C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6tn630.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6tn630.exe

Network


Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eo8ni91.exe


C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE2Iz25.exe


C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Rc428ae.exe


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4MT0pL4.exe

MD5 2ea1fe5e48ff5e021b18c632d674cfd7
SHA1 5d4f2c90048e5a04a3cef2f8045fe65f5a3464a7
SHA256 189abcba819ada066ab0e305a49a6a95d4ae5f53e3f9fc62d1e0306d9398ec42
SHA512 26f90d2c5c828e493049629cf5c67fc3f71eda78b364acbba666633907dc9aab9ccbb21b9ebf626f03cd188309b0336c0313c5222f31f26c3e07775d147936a9

\??\pipe\LOCAL\crashpad_4616_KLOBHGOEGCZHITWL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2112_UUGETNCEERZMXHTV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4456_WYZLJDIPVRROAERI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_5152_TWTJMWFMKEEIHWVQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4284_UYPNGUOHFMGJTERP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2368_DWJJSMWJOKAMHKRR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_5116_BLPKLKYOGZUTCXJN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1372_KHXGLDQANCCXKDQF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2204_MPGWSXBWMJSAAGVO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1284_WWSMKYEJRRZXGKWB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4MT0pL4.exe

MD5 2ea1fe5e48ff5e021b18c632d674cfd7
SHA1 5d4f2c90048e5a04a3cef2f8045fe65f5a3464a7
SHA256 189abcba819ada066ab0e305a49a6a95d4ae5f53e3f9fc62d1e0306d9398ec42
SHA512 26f90d2c5c828e493049629cf5c67fc3f71eda78b364acbba666633907dc9aab9ccbb21b9ebf626f03cd188309b0336c0313c5222f31f26c3e07775d147936a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9dfb28f7e8a3fafd67bdbf510f694e9c
SHA1 3314df88a93ea1fad95d09c8c86dbf8985a23b5a
SHA256 c7c747d4b773b6d34eda26272496657380d5aabf32a0adca834ed76188b8d353
SHA512 6eef3adc8b5130336ebf370aa2c6a7cb7e6055b2bceffdb0b853af6c47c1243e9b186d9744d73581a7f47645a70fefdca011fa418b36c68dae01a93f08483220

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9dfb28f7e8a3fafd67bdbf510f694e9c
SHA1 3314df88a93ea1fad95d09c8c86dbf8985a23b5a
SHA256 c7c747d4b773b6d34eda26272496657380d5aabf32a0adca834ed76188b8d353
SHA512 6eef3adc8b5130336ebf370aa2c6a7cb7e6055b2bceffdb0b853af6c47c1243e9b186d9744d73581a7f47645a70fefdca011fa418b36c68dae01a93f08483220

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4e00f390372c44ffd99d0bb4786d49d8
SHA1 0188db952b31d26a7c59f9300d0954555c4f54b6
SHA256 51e497404b1c0ce903b29e4ba42db500eb1cdde8593aa0f94f1f019935e71b0b
SHA512 7f2ac44ab583302839617e888ae0c2746e4c1d1ac6d0cee835bc1bc1c9454b90e56a28260aafb8863f1ca492d1fa4c9d7bdec9c46829251c529c66425662b478

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a71a3df9abefeca7d612493a2de18a08
SHA1 c1e270b556e8e3877fd9bf999d412e488e03413f
SHA256 d699545a16223dc0d995ec65b2ca4b31afaba0aecd23ede6af50623c5ee9b235
SHA512 d437390c3a8abd5730ad3a5b1fdb409fba58b614ee4412c630a63101cd69a34d94e3d210f4c3acd0cd6287f0369833ce939690b0936b2c749df02a8477edca60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a71a3df9abefeca7d612493a2de18a08
SHA1 c1e270b556e8e3877fd9bf999d412e488e03413f
SHA256 d699545a16223dc0d995ec65b2ca4b31afaba0aecd23ede6af50623c5ee9b235
SHA512 d437390c3a8abd5730ad3a5b1fdb409fba58b614ee4412c630a63101cd69a34d94e3d210f4c3acd0cd6287f0369833ce939690b0936b2c749df02a8477edca60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5fb72ea69e4c56c0665d1c3a8d7d8208
SHA1 78290d90fcaf9f4482aac852cc626ee02c31bca6
SHA256 24c42e1aa3f3c335f6b10b939e8f831ede02440e4d883696f7af547408ddb092
SHA512 689ed1d9d83318b5d7b19a8642b05b8dd6dfc1e8ad6df389637011ac58cbc45bc2c55449a3cf8b18fdf4b4acfcd151c43092c996fff2c6285a6326aab6ef6c8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5fb72ea69e4c56c0665d1c3a8d7d8208
SHA1 78290d90fcaf9f4482aac852cc626ee02c31bca6
SHA256 24c42e1aa3f3c335f6b10b939e8f831ede02440e4d883696f7af547408ddb092
SHA512 689ed1d9d83318b5d7b19a8642b05b8dd6dfc1e8ad6df389637011ac58cbc45bc2c55449a3cf8b18fdf4b4acfcd151c43092c996fff2c6285a6326aab6ef6c8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\994b3a73-0072-43f3-86dc-2d9812ba1392.tmp

MD5 b64975a0266a278564aa7bb23fca64cb
SHA1 5c346431a2154d3ec8c393073c8f892dc269402b
SHA256 599e6b68dfd6db4111320fa6e6f6022160c11dce673d1be504e7f28c78022a9e
SHA512 1a27d035d6c336c388e65523bffb565f19561d6ee1a68821cac407ed615b2b1ca6eb9dd83ac59a98c9ddeaf9b2345305792f650e27d9d2590b2eeb64e314a0c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6c9dc2c1-628a-45db-a6b7-9dcd50713195.tmp

MD5 197294f1883b5cd7a19d69b18abe9bd5
SHA1 4d9603fb602735df183d9f9191d9c76b5c72c15d
SHA256 bff5db6abd2043f315add767f339fbf56d866768b750512f78b75cb99e9c571f
SHA512 213c0f2c5170ef7237f7f3adea0e5ec4c333878d9dfa500681e1b936add819fd895827ba2551af8b0181725274a343dbc42cb44aba8a4b240d78cefa29f39920

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a23da97a-9e0e-4b68-b384-b315851437e5.tmp

MD5 8a8a40aff6fd18493f28e89068ad75e3
SHA1 2080d93c7ff3e118773a5db226654fd2e14054c9
SHA256 42e1772545ab8311d3d53c2e416f52d662ebda417ff84568b82b49817599f1cd
SHA512 f3782a3e8c1a4d83f89531980b5f72f11cb1d06429aa7c8860f2c8491a6495f3845836a036924c1e38fbaba161befcd2dd296a990f8e6fd23308dcadc028fe7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8a8a40aff6fd18493f28e89068ad75e3
SHA1 2080d93c7ff3e118773a5db226654fd2e14054c9
SHA256 42e1772545ab8311d3d53c2e416f52d662ebda417ff84568b82b49817599f1cd
SHA512 f3782a3e8c1a4d83f89531980b5f72f11cb1d06429aa7c8860f2c8491a6495f3845836a036924c1e38fbaba161befcd2dd296a990f8e6fd23308dcadc028fe7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 197294f1883b5cd7a19d69b18abe9bd5
SHA1 4d9603fb602735df183d9f9191d9c76b5c72c15d
SHA256 bff5db6abd2043f315add767f339fbf56d866768b750512f78b75cb99e9c571f
SHA512 213c0f2c5170ef7237f7f3adea0e5ec4c333878d9dfa500681e1b936add819fd895827ba2551af8b0181725274a343dbc42cb44aba8a4b240d78cefa29f39920

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\42d8bb97-2ec5-4815-895b-10ceef32630a.tmp

MD5 6b1c9fb7de6f9f5a02571e2e20c473e6
SHA1 a8642513f0fc55b0f1652a4596e1367209a5d828
SHA256 1d3293121e5946f13cd3d3ab47693d7c7f1987b02a65a4e10013da7a073d0d96
SHA512 93a8747b5b78fa062051873f813fb09100b403bf095007a2f448bf97a1351f9a602fbd6296c775a504a0fe68e43d789c3f96f8c8702cd79ab7af9f54c37a9009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 354a1fce4341938783db351a5a920208
SHA1 190d356b4464894edc2c282ee00fb02774de8e67
SHA256 6e2e407e3926139b69254ad928cc9e248422ecf3e6028b12db69f7038d944d38
SHA512 fce96ca7e33b6db141b6de3312408b09598dc31158bb6d2aee416bba8475ebd29a26bb1b41167e0b78a535a990ea8300435455d0023c1021558513110c7b806d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c433cd14-5433-4032-b8d3-8a89012c55ea.tmp

MD5 354a1fce4341938783db351a5a920208
SHA1 190d356b4464894edc2c282ee00fb02774de8e67
SHA256 6e2e407e3926139b69254ad928cc9e248422ecf3e6028b12db69f7038d944d38
SHA512 fce96ca7e33b6db141b6de3312408b09598dc31158bb6d2aee416bba8475ebd29a26bb1b41167e0b78a535a990ea8300435455d0023c1021558513110c7b806d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4e00f390372c44ffd99d0bb4786d49d8
SHA1 0188db952b31d26a7c59f9300d0954555c4f54b6
SHA256 51e497404b1c0ce903b29e4ba42db500eb1cdde8593aa0f94f1f019935e71b0b
SHA512 7f2ac44ab583302839617e888ae0c2746e4c1d1ac6d0cee835bc1bc1c9454b90e56a28260aafb8863f1ca492d1fa4c9d7bdec9c46829251c529c66425662b478

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6b1c9fb7de6f9f5a02571e2e20c473e6
SHA1 a8642513f0fc55b0f1652a4596e1367209a5d828
SHA256 1d3293121e5946f13cd3d3ab47693d7c7f1987b02a65a4e10013da7a073d0d96
SHA512 93a8747b5b78fa062051873f813fb09100b403bf095007a2f448bf97a1351f9a602fbd6296c775a504a0fe68e43d789c3f96f8c8702cd79ab7af9f54c37a9009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b64975a0266a278564aa7bb23fca64cb
SHA1 5c346431a2154d3ec8c393073c8f892dc269402b
SHA256 599e6b68dfd6db4111320fa6e6f6022160c11dce673d1be504e7f28c78022a9e
SHA512 1a27d035d6c336c388e65523bffb565f19561d6ee1a68821cac407ed615b2b1ca6eb9dd83ac59a98c9ddeaf9b2345305792f650e27d9d2590b2eeb64e314a0c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5fb72ea69e4c56c0665d1c3a8d7d8208
SHA1 78290d90fcaf9f4482aac852cc626ee02c31bca6
SHA256 24c42e1aa3f3c335f6b10b939e8f831ede02440e4d883696f7af547408ddb092
SHA512 689ed1d9d83318b5d7b19a8642b05b8dd6dfc1e8ad6df389637011ac58cbc45bc2c55449a3cf8b18fdf4b4acfcd151c43092c996fff2c6285a6326aab6ef6c8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9dfb28f7e8a3fafd67bdbf510f694e9c
SHA1 3314df88a93ea1fad95d09c8c86dbf8985a23b5a
SHA256 c7c747d4b773b6d34eda26272496657380d5aabf32a0adca834ed76188b8d353
SHA512 6eef3adc8b5130336ebf370aa2c6a7cb7e6055b2bceffdb0b853af6c47c1243e9b186d9744d73581a7f47645a70fefdca011fa418b36c68dae01a93f08483220

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 095fadedf37cb8ed76f2eaa95cc1b2d2
SHA1 b6e75159f09682424d63aeba3440455769b216d3
SHA256 7239c58e3344694a374daabbd74b7d6a86735398347b6791683eec8bb7e17eb8
SHA512 6d3d4e4d7ec6f3dad788634f285b98c99ae705714b183aed5a6461dc06dcd6a313c2c933c864e8f2638a611057b45e13df7e64ec056ea45805077e11942fa1c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a39530c7214960f9279431993b1c23f7
SHA1 aea494d1d5728fc40ca6a4a7e739a9dc85d1e3c8
SHA256 6da081db5bc38c431f74f55a713cd834012eb463bf0515ea1dcea2c536b1826f
SHA512 c8c71cdae9c7d8f0cdc14b58283c4bc80548ccc169378927faf7f2fe437979a344ef68ce9439f6ce5a72db6e41595a6d3905a3b42a63a8ce2684af8b408c6438

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 501bd1037058eec01d7b79ac82322e86
SHA1 265c7c6b061431958ad16395de9e551d66c83875
SHA256 89125c76ddf2c134a03a40efd6671b802117ea0262c15d262defcf807a5b27ed
SHA512 1b4e9f5abff805270141c5b74bf0b43a1db6ebd724b5e9f0dd6546701c193de7d75f38ad86ecc02589bae9d43bb23eafe4a80ff3330856cd099140effc4cb862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe59012f.TMP

MD5 6b2a97fb873cb6de0de1c84ca882f557
SHA1 398a541a61952b4b5db54d544b73bfad4ee238a5
SHA256 2281e6596e723825c103775bdcc4b221d81903c0331335aaceeebabf02e2b174
SHA512 880eb5a80ece293b24cd4b00d5f57d48751d2128eab5b249710353f585420855183d5d651f1565d4a903fd49c41fdc7a72348d82e386b45b0aff9618fb30ca29

memory/8896-602-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8896-608-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8896-609-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8896-611-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f7e912958ddbfdb728564a8a038d3613
SHA1 d5ebfda30fdab8a1908c40f72f411a11a0a0193a
SHA256 abfea6306e00d296d235d22221dd0c1e077440a0a49500ef40fba3a5440161a8
SHA512 504f8e8a3c80780b2e5935fd3b6805d446582f649bcf9a04243ba6ebac1aac56a12ddd7eaaa551008b8476910b6b9997f88b73835f24670dcc9883414d23ea7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4fa2421f851cb3921c616cd0d82c01fa
SHA1 f8d56871a1a5c27d2fe6328135a072116beed0de
SHA256 265eec379c61503bfcbb8c952f44a064efea36970cf2a9cc3f9d48631ec709eb
SHA512 7900e4057f022dcf5b3245a61d539f6a8bb3066300fc82bc9f940954ebf3eac86757af5abe67d03daee792a6d845dc82df458be96e8c80b180dff34be49b0224

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 79d87d425fc00c68336bf568b48eb55b
SHA1 73a19409eb6799fdae5a07bc503e8f5d782495cc
SHA256 94289cee34ae2a37179c1b5e07fd81a6f11381a131fefe6d661f3b800e8d33e3
SHA512 fc2011aa158eeaf571c0f7a414fd8590eecec01e04b177457f9c2f87630b523021a8533b6a64341028c043c364334f6049a16ac1b8f0ac94ae5da8afc99ea552

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 3abbe0097f6098f95c37286d6c03f04f
SHA1 5dda99f03cf3d0a47cf7300aed0749f392e5b65e
SHA256 2d3aadf5dfddcbc46ab658bf7ec87acaed2e44802774ec6adc165ea6127249e8
SHA512 fe7a8e54ac5204386cce1a8dca9143141be840f76c1fd355e4a6fbade518176c53633a4ee7bbb2776d1077220f52b37b3541042493ebc41631305c12ffded886

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595990.TMP

MD5 1b8ddb0ab5fee530db10ab938af92c8b
SHA1 b1391e3d1392d844d5daafdd77e6ae0a0ad73083
SHA256 69c05e7cfb8e892ba9abb95f5d8141b0b5b4d3e244ed7adf38bd57887b0e5376
SHA512 9b40e38bcda283f2db513ea4a9f939c7c0b154fb8216dcde1a7e55ea6919eb6ca1c96f0bab2e19a0a757c31edfe4632b814bca3561d0df610fafdda1077a2c2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 fd20981c7184673929dfcab50885629b
SHA1 14c2437aad662b119689008273844bac535f946c
SHA256 28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22
SHA512 b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\133d55de-0e90-4d50-bb27-3b4cecd260e7\index-dir\the-real-index~RFe596567.TMP

MD5 6a0af10f52ebc315ec0dcbe8b5575934
SHA1 f4776befed5a9e0a2fbfe042e21915dcef743a8a
SHA256 76c963496d76418825b19beed0e4075c24dfbd17d0cd12e411ee1fa374f1310d
SHA512 3b717ea771b8df08f8d5daf6173ae8210419bd229b67c3217006a33828e92c9487b6237ca6586c54cb4c41a43aca79e0db7cdd206591a6e7feb1fa71f47f187b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\133d55de-0e90-4d50-bb27-3b4cecd260e7\index-dir\the-real-index

MD5 94ac6fd013282583a1e79da7e7ff4f59
SHA1 18c0d7f804ca4f36a72a4961adf3eb11107859f9
SHA256 4819ae1bee106f12bc44d9fe6e47f345a169cd9b379db50250d14ab46fe3ffc1
SHA512 93cf432292b419f8f7a35b27237a5783d7b055dbd7bf7366a5fc82da1f0e357f45b86cb0533a8e24428bcbbdedcc6b206c04d02e877fc8f530eb1ffc8a19155c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\c7ec9543-1846-4fae-8e70-f099c53edfc4\index-dir\the-real-index

MD5 6e5fee281c64cd2b446f5c3b4fd46f9a
SHA1 284e89da2430e9d86e24330de3924bb96a46bb75
SHA256 d3e511d44deccaa1ca74ce1e4246e347c13204219db5aee253ec33537081f4e6
SHA512 bd6a9fba4ce1b29539bedae13c3af60d56acca11fcaa1c08abb54b68fc477200b2515c9c414f3f79731623b8a3f202ca7e7cdff5ea87e91a1f3d17cf9c44a68c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\c7ec9543-1846-4fae-8e70-f099c53edfc4\index-dir\the-real-index~RFe596567.TMP

MD5 ed5f959dce3c76376b7f162715f81d8b
SHA1 93c5899c6cbbdcd22e1a9527a97299263879184f
SHA256 3a228fbb4ecb1ce1264e932051f07144b15c641d4b44e75544756541d19bf886
SHA512 856354d7948f0d571328a80d44a8a2a312d3327951e88b743652f38d7d8e720c030bfd7cae7bb2fe4549144412353f2262ba8a5cc1c6100faa8484ef14802adc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59d596.TMP

MD5 5e2d24a0d7db417918a05f36d0611e53
SHA1 f87a95aad4d8b89c7784dfbeafdd42f057e17db0
SHA256 31643f00dd5bf9b6ec9b82a79f76fdb38e107cef38241bcdc31d92469b54ea4e
SHA512 4362d757faf6e547cdf0e616f4c4a36ab5552729a46cadd4fe3b500abfa02edc0a5b5bb0a077160cd2479cecee94bb8f80b8b3ae596e53b2bb283d04882490b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3700ddb81bb8ee327c9b85859c4835c3
SHA1 65b9e326da27c781a3d53bb09086c58341892ef5
SHA256 c022a977b4e1c70d7222998efac82f398f654705f47589f696f99ad452e9be13
SHA512 1848e5a3c730fba6c751d73b8d5c7b2bfb17295f7f8bfe4e19fbee9f502fd045c8cb2e785b12004ed22e99f388857210a63cd5618b1e2af8dcb2b0287471d919

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 04dd2de6b16faeb3615a772c811f01f7
SHA1 09166137f9f6a6ebb4dc2b0851b1c44edc197a12
SHA256 b33835729be68cba6bc78f9f73a6321493732f0742fcdf119bf6dd431e91003c
SHA512 fd922a7b57984551cca9a7a479dd84dfa47aaf4df6ae4b5dbbea0564e89cc2db28c270ee79ec727208f056c293878f826cd1e346066f2a1a0e6603db222e252e

memory/5824-809-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7dd75808e2302ce1f3c64bfcabd6371e
SHA1 733a396f1a4a8bddaed0951f96df5135a7b8f746
SHA256 0b2a4d4fab05bc269eab7ba3aead8efc67581027eb29a5f8b35074978bbcf5ce
SHA512 d6dc1371585eb02ced5291130d9d69195b5aed35fcbb82adf9f3e8838e53cd5380783d4330372e43b10e4830503f1d3dac03990b59c4f75b04edde9e92e98ef9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\133d55de-0e90-4d50-bb27-3b4cecd260e7\index-dir\the-real-index

MD5 9f3199566061391154c12325dd06ca6a
SHA1 13ce4d2abdf9870a0c6ed4af77b34cc1a753526b
SHA256 ff0998984319cb7f68965487c753134d38c9a9059124b2e70a4fa26076949497
SHA512 faf299400aa8f5ff901bf8f94316d0e08a44c3c174c1bf954a5372ab70081062ac9c71e3efb90b8f998759aa0213c97d43c43ca3a099309a32daad07f4d3f96c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 90e557f398819fdeb5ccd5cc50219f19
SHA1 7b37b6a211eb1a1c0c4b77924793f23e204c3bb5
SHA256 6591dc4ba22662984026f6deca15198e341bed9527d1b97e54ee6802049cb475
SHA512 34a24d5eced518c7cecbadee1b41c8e8d306c8d0b914d8f68f393993f4d225c600abd018f90d657ae603039955133469d021919c635760f2904fc52a0271e7b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 72240783334afc206c92631812f90b5d
SHA1 697486c2d4713474d5ed92e8348c31d4b300b936
SHA256 6a3d8a0c3d4c9bbef8ef94299c296f63d09cfe4b5e588fd56464b7d0ed7998ba
SHA512 ebcc1bfd44287974afc70763d0eb1fbf518d9c79b6e4d77c719213c209d3649f6be9da560dff82c23b46a6fe131618fb3646944c3f84c2449cce9f3ae8cc092c

memory/5824-950-0x0000000073B30000-0x00000000742E0000-memory.dmp

memory/5824-979-0x0000000007C00000-0x00000000081A4000-memory.dmp

memory/5824-990-0x00000000076F0000-0x0000000007782000-memory.dmp

memory/5824-1005-0x00000000078E0000-0x00000000078F0000-memory.dmp

memory/5824-1022-0x0000000007890000-0x000000000789A000-memory.dmp

memory/5824-1069-0x00000000087D0000-0x0000000008DE8000-memory.dmp

memory/5824-1072-0x0000000007AE0000-0x0000000007BEA000-memory.dmp

memory/5824-1075-0x0000000007970000-0x0000000007982000-memory.dmp

memory/5824-1078-0x00000000079D0000-0x0000000007A0C000-memory.dmp