Analysis Overview
SHA256
b7a0cc135b3c4c0784b42fa3dd5844d73afb2e5a2ae3f7c6778ebb0097a57f1a
Threat Level: Known bad
The file b7a0cc135b3c4c0784b42fa3dd5844d73afb2e5a2ae3f7c6778ebb0097a57f1a was found to be: Known bad.
Malicious Activity Summary
Mystic
RedLine
Detect Mystic stealer payload
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Suspicious use of SetThreadContext
AutoIT Executable
Detected potential entity reuse from brand paypal.
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 06:24
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 06:24
Reported
2023-11-11 06:27
Platform
win10v2004-20231023-en
Max time kernel
150s
Max time network
158s
Command Line
Signatures
Detect Mystic stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Mystic
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\aZ8Js90.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FE7GU56.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hV362pX.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4bm9Tx5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5eo71xo.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Mx709.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\b7a0cc135b3c4c0784b42fa3dd5844d73afb2e5a2ae3f7c6778ebb0097a57f1a.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\aZ8Js90.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FE7GU56.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4436 set thread context of 5656 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4bm9Tx5.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 5108 set thread context of 3192 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5eo71xo.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 4876 set thread context of 5052 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Mx709.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\b7a0cc135b3c4c0784b42fa3dd5844d73afb2e5a2ae3f7c6778ebb0097a57f1a.exe
"C:\Users\Admin\AppData\Local\Temp\b7a0cc135b3c4c0784b42fa3dd5844d73afb2e5a2ae3f7c6778ebb0097a57f1a.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\aZ8Js90.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\aZ8Js90.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FE7GU56.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FE7GU56.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hV362pX.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hV362pX.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9020a46f8,0x7ff9020a4708,0x7ff9020a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9020a46f8,0x7ff9020a4708,0x7ff9020a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ff9020a46f8,0x7ff9020a4708,0x7ff9020a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9020a46f8,0x7ff9020a4708,0x7ff9020a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9020a46f8,0x7ff9020a4708,0x7ff9020a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ff9020a46f8,0x7ff9020a4708,0x7ff9020a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x13c,0x174,0x7ff9020a46f8,0x7ff9020a4708,0x7ff9020a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9020a46f8,0x7ff9020a4708,0x7ff9020a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9020a46f8,0x7ff9020a4708,0x7ff9020a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9020a46f8,0x7ff9020a4708,0x7ff9020a4718
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4bm9Tx5.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4bm9Tx5.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14082952690205791236,13160619070959738415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,14947908851210405102,9280985314128628607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,14947908851210405102,9280985314128628607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4533378149066679391,2522474073448244026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4533378149066679391,2522474073448244026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13202462882987554257,3078482762021808587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13202462882987554257,3078482762021808587,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14082952690205791236,13160619070959738415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,9983119577168890443,11482149250064450378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,6071061385057352120,1230240094268592577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,6071061385057352120,1230240094268592577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,9983119577168890443,11482149250064450378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5177623427735009792,4832386129969521932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,5177623427735009792,4832386129969521932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5eo71xo.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5eo71xo.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 5656 -ip 5656
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,4440774991597065151,15922945608418224762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4440774991597065151,15922945608418224762,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11300757242750061212,11999260149934952700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11300757242750061212,11999260149934952700,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 224
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Mx709.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Mx709.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6043295120400905448,2145215703229561392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.142.81.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.175.53.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| US | 104.244.42.193:443 | twitter.com | tcp |
| US | 104.244.42.193:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 44.193.60.169:443 | www.epicgames.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 44.193.60.169:443 | www.epicgames.com | tcp |
| US | 8.8.8.8:53 | 98.49.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.60.193.44.in-addr.arpa | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 113.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 93.184.220.70:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| NL | 199.232.148.158:443 | video.twimg.com | tcp |
| US | 104.244.42.133:443 | t.co | tcp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.148.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.42.244.104.in-addr.arpa | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| NL | 142.250.179.182:443 | i.ytimg.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| NL | 23.72.252.176:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.176:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.176:443 | store.akamai.steamstatic.com | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.169:80 | apps.identrust.com | tcp |
| NL | 88.221.25.169:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 182.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 44.214.245.214:443 | tracking.epicgames.com | tcp |
| US | 18.239.36.73:443 | static-assets-prod.unrealengine.com | tcp |
| US | 18.239.36.73:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | 73.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.245.214.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| NL | 199.232.148.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | numpersb.fun | udp |
| US | 8.8.8.8:53 | killredls.pw | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 157.148.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.53.21.104.in-addr.arpa | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | facebook.com | udp |
| US | 157.240.5.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| US | 157.240.5.35:443 | fbcdn.net | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 35.5.240.157.in-addr.arpa | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 192.55.233.1:443 | tcp | |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| NL | 172.217.168.227:443 | www.recaptcha.net | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 227.168.217.172.in-addr.arpa | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| NL | 142.251.39.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| NL | 23.222.49.98:443 | api.steampowered.com | tcp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 59.189.79.40.in-addr.arpa | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\aZ8Js90.exe
| MD5 | f8a4c501074a88ccee2e2d1c2bbd49e1 |
| SHA1 | 9b40e2d1664a3b81b7bdbea15df79e15fc50bda3 |
| SHA256 | c4b1423c3b3111b5ec34f43beec962960828b89274cf35f29d99110b5642e26a |
| SHA512 | 68f7e9be4035510233a497714ddd4ee835767b7ce26f6a9b4612e5772061829ea1f3b518b7ac24795ae5960168b1e923124c7c243b26ea7b0bfddc48f0590a34 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\aZ8Js90.exe
| MD5 | f8a4c501074a88ccee2e2d1c2bbd49e1 |
| SHA1 | 9b40e2d1664a3b81b7bdbea15df79e15fc50bda3 |
| SHA256 | c4b1423c3b3111b5ec34f43beec962960828b89274cf35f29d99110b5642e26a |
| SHA512 | 68f7e9be4035510233a497714ddd4ee835767b7ce26f6a9b4612e5772061829ea1f3b518b7ac24795ae5960168b1e923124c7c243b26ea7b0bfddc48f0590a34 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FE7GU56.exe
| MD5 | e39cccc2060c1ce5ca97039544179d6f |
| SHA1 | e88fd9aada43d93a1e622b4145c224544372c17f |
| SHA256 | 6e44c81fdefad6f2a526a1a28af4125f86ee2ecb88c7610c9cb9ec76b8c6be30 |
| SHA512 | 4fc935888cdb23248f8e8e3c6058cd9b63cd3e41fcae49539d15e74c90b048c74aac2f6e03221ebef9c8ed8d36a70e0d6de29f6920c8f1e8c0ac1f93f80a8e1d |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\FE7GU56.exe
| MD5 | e39cccc2060c1ce5ca97039544179d6f |
| SHA1 | e88fd9aada43d93a1e622b4145c224544372c17f |
| SHA256 | 6e44c81fdefad6f2a526a1a28af4125f86ee2ecb88c7610c9cb9ec76b8c6be30 |
| SHA512 | 4fc935888cdb23248f8e8e3c6058cd9b63cd3e41fcae49539d15e74c90b048c74aac2f6e03221ebef9c8ed8d36a70e0d6de29f6920c8f1e8c0ac1f93f80a8e1d |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hV362pX.exe
| MD5 | 1d89d4910495096185b810833dfe74a1 |
| SHA1 | 915ec9292f11e409aef962918494d2a9be62e0b8 |
| SHA256 | 9c52b3868ad31fb11e8462d22e8b0c20309ceec05d93c34beb136f47d1e7b97c |
| SHA512 | 998d76035587af6f2a0fcaf7640a493e447c84a95f1b313f0e0a06e67a15b501902482b5ac9028b68932c58d0195bb564a59af142d701f206378218b8b50677e |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hV362pX.exe
| MD5 | 1d89d4910495096185b810833dfe74a1 |
| SHA1 | 915ec9292f11e409aef962918494d2a9be62e0b8 |
| SHA256 | 9c52b3868ad31fb11e8462d22e8b0c20309ceec05d93c34beb136f47d1e7b97c |
| SHA512 | 998d76035587af6f2a0fcaf7640a493e447c84a95f1b313f0e0a06e67a15b501902482b5ac9028b68932c58d0195bb564a59af142d701f206378218b8b50677e |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4bm9Tx5.exe
| MD5 | 9eb29958e62ecc76ed1f0ede326b8afa |
| SHA1 | 6b09635e9775231c682f8efaecacd07417b72775 |
| SHA256 | f18838709f90f3a08ba6fae3f6ec5935dc5c044225ab2ed1201fbe4b4d5902ae |
| SHA512 | 5874c599a09d8c3e7938a9e5ab99b73314eda145b0c486f7937c8131768d809af9c0aceccc12bf197e86bc9dd346999e62029ed1762cf4b3e24db0fd7401cab9 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4bm9Tx5.exe
| MD5 | 9eb29958e62ecc76ed1f0ede326b8afa |
| SHA1 | 6b09635e9775231c682f8efaecacd07417b72775 |
| SHA256 | f18838709f90f3a08ba6fae3f6ec5935dc5c044225ab2ed1201fbe4b4d5902ae |
| SHA512 | 5874c599a09d8c3e7938a9e5ab99b73314eda145b0c486f7937c8131768d809af9c0aceccc12bf197e86bc9dd346999e62029ed1762cf4b3e24db0fd7401cab9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
\??\pipe\LOCAL\crashpad_976_JFZSUAAAKEHVUMJS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cccdbce4bf664f47b973e2b139f16a7b |
| SHA1 | ae4c09a0b787a66c054d92c1a849b6321ff9fe88 |
| SHA256 | 06a25eec9fda3c5d77f3fa721e2892c28eb763facb8240641e2d583930ae2561 |
| SHA512 | 15bbee81136fdd68564021f8507e415b409d4a74a8de5e4a07bee71bf748eeb7fc81c532511d955eb10a2422443d092ad90621b654d3f70f1b0aa1def0a0259e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
\??\pipe\LOCAL\crashpad_2032_QFEWRAIZZDNKEWZR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1008_IXXPXCDWUWJUAVXF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_4368_FHKINYKMTLMLWGJP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_2332_YGVKBHCRYYBQLGTD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
memory/5656-129-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
\??\pipe\LOCAL\crashpad_1532_BOYOXTHJEKCQJPVF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_404_HPWIFAHEZOYTPZQC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_4184_RTHOMHRHGZXIZETB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/5656-148-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5656-152-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5eo71xo.exe
| MD5 | fbc6d505bc02bc28d6fcd297f4b0cb46 |
| SHA1 | a41685f43afbe5e70bdebab0e11f33163ccab625 |
| SHA256 | 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e |
| SHA512 | c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af |
\??\pipe\LOCAL\crashpad_3572_VQFYRBULYFTPBEWW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/5656-147-0x0000000000400000-0x0000000000433000-memory.dmp
\??\pipe\LOCAL\crashpad_3008_UKNOFSVPBIZSZHQB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5eo71xo.exe
| MD5 | fbc6d505bc02bc28d6fcd297f4b0cb46 |
| SHA1 | a41685f43afbe5e70bdebab0e11f33163ccab625 |
| SHA256 | 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e |
| SHA512 | c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b97604c11d817c39e97baae7c1feb5bc |
| SHA1 | 94e59010c7ab3ba4724c656474f87e745da0e255 |
| SHA256 | 0a573839469ff21398c54f46a4e15979499848b4b719ca005b0a768a1b02e9c8 |
| SHA512 | c65dfbf094b052123a7146f87b372d543cd23bd089e703331c06fd190d6dc4d4cc08ca334f989af0180feda3680b0fa08f8367c13669ddfdb3c577746e39348d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 49b48bd4a6158352d0605a64a09c8699 |
| SHA1 | 8ad3d1061544d6d06bfaac8995fcb6697f4ec53d |
| SHA256 | 1eae220a9eeeb29598ae1f594c2e15a9690907908a9def5a7b7ec2b75cae58d9 |
| SHA512 | df413867e2342f9c2695c70af99fb5fcbeb667b0fa764e86e2bdba79b4cff6ffafe629d5cfcc26d4767653199ec4b7691e149651be23b74bc19038e2339035b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f38a0714e43694a00726161865954152 |
| SHA1 | 321ae587f25fde665bf36bbb94a35bd71e186a6e |
| SHA256 | 53bfc30f66c9bd6112f1d7e781a6c6dd62441647b60f523a460688d439b59ce4 |
| SHA512 | d7d61227a3eb1b9bed6f8b8ac95377de2bf7371919c640dd29f0cf7bc4ad5aa1449f2f2fccdb8cabe87d011f85f64f508eff9b5167ba1b3418d974d400199304 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f9dc222ef6e26d7ca0edb4d239836e4e |
| SHA1 | db0124c100eed676bb0b38a2539087e23fa1ab24 |
| SHA256 | 990ebabe67cf8c4997f7c915f6d8ddc15858f133a3c2eac0cca15aaad4883a0b |
| SHA512 | ae0d1235a9209ed16541d4df51a8213d8d7684ce2171e6f6dde2c6f959d932b7aa5244da4e67bf8a4b501acc8593f2938b273f00f6c60c0e54f8236ab4649715 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f9dc222ef6e26d7ca0edb4d239836e4e |
| SHA1 | db0124c100eed676bb0b38a2539087e23fa1ab24 |
| SHA256 | 990ebabe67cf8c4997f7c915f6d8ddc15858f133a3c2eac0cca15aaad4883a0b |
| SHA512 | ae0d1235a9209ed16541d4df51a8213d8d7684ce2171e6f6dde2c6f959d932b7aa5244da4e67bf8a4b501acc8593f2938b273f00f6c60c0e54f8236ab4649715 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d3faa429-b68d-44bd-a1c2-ba0f9d4b3f3f.tmp
| MD5 | 8eea6e4e7ce948f13a7893d467920af4 |
| SHA1 | 3c1fc40715255ab3c0f8c05b2d622a72e3cb3735 |
| SHA256 | 43be75c54185550e64bf1eb71e3c1a0306561155daec86e02197bdee5e0bb456 |
| SHA512 | 706ca8ddc6f7d76db65299168592ba3d0a3ae5f8906ce57550c46f59ae79737c1fe0a2f75ea676c59750b0303c6933b55d0eeb5338cc3c51dcaac53e12c1c418 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 49b48bd4a6158352d0605a64a09c8699 |
| SHA1 | 8ad3d1061544d6d06bfaac8995fcb6697f4ec53d |
| SHA256 | 1eae220a9eeeb29598ae1f594c2e15a9690907908a9def5a7b7ec2b75cae58d9 |
| SHA512 | df413867e2342f9c2695c70af99fb5fcbeb667b0fa764e86e2bdba79b4cff6ffafe629d5cfcc26d4767653199ec4b7691e149651be23b74bc19038e2339035b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b97604c11d817c39e97baae7c1feb5bc |
| SHA1 | 94e59010c7ab3ba4724c656474f87e745da0e255 |
| SHA256 | 0a573839469ff21398c54f46a4e15979499848b4b719ca005b0a768a1b02e9c8 |
| SHA512 | c65dfbf094b052123a7146f87b372d543cd23bd089e703331c06fd190d6dc4d4cc08ca334f989af0180feda3680b0fa08f8367c13669ddfdb3c577746e39348d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f38a0714e43694a00726161865954152 |
| SHA1 | 321ae587f25fde665bf36bbb94a35bd71e186a6e |
| SHA256 | 53bfc30f66c9bd6112f1d7e781a6c6dd62441647b60f523a460688d439b59ce4 |
| SHA512 | d7d61227a3eb1b9bed6f8b8ac95377de2bf7371919c640dd29f0cf7bc4ad5aa1449f2f2fccdb8cabe87d011f85f64f508eff9b5167ba1b3418d974d400199304 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b97604c11d817c39e97baae7c1feb5bc |
| SHA1 | 94e59010c7ab3ba4724c656474f87e745da0e255 |
| SHA256 | 0a573839469ff21398c54f46a4e15979499848b4b719ca005b0a768a1b02e9c8 |
| SHA512 | c65dfbf094b052123a7146f87b372d543cd23bd089e703331c06fd190d6dc4d4cc08ca334f989af0180feda3680b0fa08f8367c13669ddfdb3c577746e39348d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cbd804af17713332563b0e20f3801aa0 |
| SHA1 | 17c3ff786e1388d9fd731a2ce67e75336a1eacbe |
| SHA256 | 8bcecdae097dea630fa2d0a98cfc0411a1e949b77e1e78a58a4fa3b03e090a68 |
| SHA512 | a7344c699f5238e2176b336dbe701d9215d2a2077693fe7b9021cd0ac75793bd9a9849297f264342e99448568ae2a8f30ea66de3f0136c1b82d6d26f3eefa015 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cbd804af17713332563b0e20f3801aa0 |
| SHA1 | 17c3ff786e1388d9fd731a2ce67e75336a1eacbe |
| SHA256 | 8bcecdae097dea630fa2d0a98cfc0411a1e949b77e1e78a58a4fa3b03e090a68 |
| SHA512 | a7344c699f5238e2176b336dbe701d9215d2a2077693fe7b9021cd0ac75793bd9a9849297f264342e99448568ae2a8f30ea66de3f0136c1b82d6d26f3eefa015 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4ee5b2cacff264e317f867f1bedeff5 |
| SHA1 | 8ec1a86628ec97df2212042039ac610316cea95b |
| SHA256 | 17ad84a32dc2edf9543671f10f4c1702e82cb92ffe3cb9ce130efa0fb6702308 |
| SHA512 | 1759831cbb7a6c47f99e266e1f4b5fb7bc860b6f0ded30dcd69e29d158c887ed4f69cb9f017e0e291e4b3ba0ce02fa71451185999e24d1eb62718a73739e3567 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\66c1445a-405c-4e06-9948-902d73bc7988.tmp
| MD5 | eef5a43e87b2aa1ac2a80869c75fdb89 |
| SHA1 | 4cab5dd0705cb16c0a81d7da8c4a30f606a17e44 |
| SHA256 | 7fa6078710cf77745f781da7857e7fccdabd5951ba92c64253bdaf52fb8ddeff |
| SHA512 | 3a0830a0cb0a5d2c35fdc8d5606d1a4618c052e7ae23f9293b83f34928d822bd970ff76f5872b5a3e2560cebb20caefb799f17fe20cdd9592bcebdb5837a4cc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 49b48bd4a6158352d0605a64a09c8699 |
| SHA1 | 8ad3d1061544d6d06bfaac8995fcb6697f4ec53d |
| SHA256 | 1eae220a9eeeb29598ae1f594c2e15a9690907908a9def5a7b7ec2b75cae58d9 |
| SHA512 | df413867e2342f9c2695c70af99fb5fcbeb667b0fa764e86e2bdba79b4cff6ffafe629d5cfcc26d4767653199ec4b7691e149651be23b74bc19038e2339035b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a5140d5e-9e6d-41cc-a076-168fc70cbdcf.tmp
| MD5 | d4760c4fb33bcff63416e0779c179a83 |
| SHA1 | 85cc3e271c2c4d99eda9bdc940c87258bf98085e |
| SHA256 | a848114b165094c6cb75f7553eec56f46f9273632f5aa27cc9344c89c6e8a061 |
| SHA512 | eae75d6c9eebc8b8cb5bc29a1bbd638676d23cf03c591101e3555d759bca57ba48740bdd0ac6be0f187e73947232afbf4a26d3901808c82dfbb43858b02ce5f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4ee5b2cacff264e317f867f1bedeff5 |
| SHA1 | 8ec1a86628ec97df2212042039ac610316cea95b |
| SHA256 | 17ad84a32dc2edf9543671f10f4c1702e82cb92ffe3cb9ce130efa0fb6702308 |
| SHA512 | 1759831cbb7a6c47f99e266e1f4b5fb7bc860b6f0ded30dcd69e29d158c887ed4f69cb9f017e0e291e4b3ba0ce02fa71451185999e24d1eb62718a73739e3567 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e7a06080-b0f4-46e7-bca1-aeb611837117.tmp
| MD5 | b4ee5b2cacff264e317f867f1bedeff5 |
| SHA1 | 8ec1a86628ec97df2212042039ac610316cea95b |
| SHA256 | 17ad84a32dc2edf9543671f10f4c1702e82cb92ffe3cb9ce130efa0fb6702308 |
| SHA512 | 1759831cbb7a6c47f99e266e1f4b5fb7bc860b6f0ded30dcd69e29d158c887ed4f69cb9f017e0e291e4b3ba0ce02fa71451185999e24d1eb62718a73739e3567 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cbd804af17713332563b0e20f3801aa0 |
| SHA1 | 17c3ff786e1388d9fd731a2ce67e75336a1eacbe |
| SHA256 | 8bcecdae097dea630fa2d0a98cfc0411a1e949b77e1e78a58a4fa3b03e090a68 |
| SHA512 | a7344c699f5238e2176b336dbe701d9215d2a2077693fe7b9021cd0ac75793bd9a9849297f264342e99448568ae2a8f30ea66de3f0136c1b82d6d26f3eefa015 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | eef5a43e87b2aa1ac2a80869c75fdb89 |
| SHA1 | 4cab5dd0705cb16c0a81d7da8c4a30f606a17e44 |
| SHA256 | 7fa6078710cf77745f781da7857e7fccdabd5951ba92c64253bdaf52fb8ddeff |
| SHA512 | 3a0830a0cb0a5d2c35fdc8d5606d1a4618c052e7ae23f9293b83f34928d822bd970ff76f5872b5a3e2560cebb20caefb799f17fe20cdd9592bcebdb5837a4cc0 |
memory/3192-373-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0f5f508b30fd016acd5ab97954286c8a |
| SHA1 | 54cb7c5b4472819bdd3f01aae4caf9bb20e3acda |
| SHA256 | 90a1f7e1ea5c5dd2078bbf5119e0f40bd4fcdcba21a7f8e66b7085bda8b10a2d |
| SHA512 | 29de78e6f89a923e33ecdcf05c9e8a6410f7064387e9fc75f446f7d2b2cc160410e3ebbe4a0c26dd18aefff3adf69426c85af8c4e7f60255139f5d54fafb2cc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1111af62c54b94ffc7ffb70592f9176b |
| SHA1 | 7860f494591fb74253f53010f3d6c606dda4be56 |
| SHA256 | 359f7ffd7f8c888d521c459c598a08e42a3f2f37ff992befaae5cf0375a5bf1f |
| SHA512 | 80c71cb1bdc05d037edf3a9bcb703a447d7c9592b6c2e81a20f3efc8fcb46abbed201c7571c5322b05768bb971e1958c771d0881d7f56ed72b16065460cb097d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 918ecd7940dcab6b9f4b8bdd4d3772b2 |
| SHA1 | 7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4 |
| SHA256 | 3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175 |
| SHA512 | c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2 |
memory/5052-446-0x0000000000400000-0x0000000000488000-memory.dmp
memory/5052-447-0x0000000000400000-0x0000000000488000-memory.dmp
memory/5052-449-0x0000000000400000-0x0000000000488000-memory.dmp
memory/5052-451-0x0000000000400000-0x0000000000488000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 47d69812de6da5d468f1e84257a6a27e |
| SHA1 | bfe53712b200f9397f3ab8a9d28aa76454eb26cc |
| SHA256 | eb3020a5c27331c2b589508e9893314c579f42e0cef06cbe3c4ccd0d019ac175 |
| SHA512 | 3e1c2b7b6d5acbe9cb93f64a2727a91573d08a3a5e9b08e271f4f981c794f4b318f64943f67004409a28b4ae16f2827b63d876c759265ca4ac9ad748637266f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
memory/3192-538-0x0000000073390000-0x0000000073B40000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | fdbf5bcfbb02e2894a519454c232d32f |
| SHA1 | 5e225710e9560458ac032ab80e24d0f3cb81b87a |
| SHA256 | d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c |
| SHA512 | 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916 |
memory/3192-566-0x0000000008080000-0x0000000008624000-memory.dmp
memory/3192-570-0x0000000007B70000-0x0000000007C02000-memory.dmp
memory/3192-595-0x0000000007DA0000-0x0000000007DB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ef267963ea139896e2be3d37c1f1fcad |
| SHA1 | 667a135923754838a8aa1f67389114aa1a599557 |
| SHA256 | 0cf9f82bb5581c2769c86262c3d428d377e576533e4d4e3fb52fcf4dd448b22c |
| SHA512 | 38aeb8f99785951c99b02785ac3571b0eca450d0158ff746a0397ffae67abf40e2568c0dce528976a9f9b88a1d32c3e2ceb91bfbdcce324329f0397b20350ace |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591bcb.TMP
| MD5 | 5471491d00740dbfad430e6531d66088 |
| SHA1 | adfecf1b77310837df3779e9867bb003cb2140bc |
| SHA256 | 80be5a890296c38d2a592f4653fa60b1196418328588ef5bc3796e8803abf9e6 |
| SHA512 | d1cd907878d811a29a5458edffc5dc04ec92be002e755ec07004f348b6583c17f367edfedb1ef1b18c097fb8047a489f40320441b47bb55a503733b49a2c6087 |
memory/3192-642-0x0000000007D00000-0x0000000007D0A000-memory.dmp
memory/3192-672-0x0000000073390000-0x0000000073B40000-memory.dmp
memory/3192-678-0x0000000007DA0000-0x0000000007DB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 693cb5ec0ec94accb8ffaaa86bfdc5fe |
| SHA1 | 08d97bfaeb9cfebbe236b052a9dd4968a463f571 |
| SHA256 | 494cf9410c06fa7617bc8f381e3835fd0f2881723b2b0e2eda215464245cc919 |
| SHA512 | e42957ff237f077d9494a18522343a0cae2f879efa487671fccd2d341015fb1ff4c0484d75f711b026770791f3291244917d791854ed0a075eaf6c449d2e4cb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 497fe7079cc21b86d7ff678becc44b01 |
| SHA1 | 2444953ceb1806d60eb60ad72b69ab1c4af13e58 |
| SHA256 | d245652656e42aeea7229365e2e4684c4a93921fd3465b37b4bad2df2cbf9098 |
| SHA512 | 7c9edacf5c3d33fa103e8389c5a7bcd05deb2f67e9c179dc08380bfb891eda0d11f46505cf2097ab71bbb50d911f65af550a8e04351a51155bdd6bbd7415284b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 8ff63d81e59064a19c830b84a60c225c |
| SHA1 | 5995f75c6ffc7738a28c4d6ffb355bb500707733 |
| SHA256 | e0b2e117a6d4d126910eec9d18f9e4a2a51db54ab2d7c893c11d2a248eefc6ee |
| SHA512 | 4b68af9caa9c03ae1ca4ec2e9b579d725b66456f2ceea4955db14eb51b098c39efb671865150455fe68b66adc613ad6ed168915530ddebb0a0e4895c1cd88146 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |