Malware Analysis Report

2025-01-02 05:21

Sample ID 231111-gm1rbsca8t
Target c30b12c3a53f8b45c905634adcd928dd.exe
SHA256 e8ca98e34dd9b89697bdbb1ad24e6d8928d844c431c9cab14ecb3d86551846e3
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e8ca98e34dd9b89697bdbb1ad24e6d8928d844c431c9cab14ecb3d86551846e3

Threat Level: Known bad

The file c30b12c3a53f8b45c905634adcd928dd.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 05:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 05:56

Reported

2023-11-11 05:59

Platform

win10v2004-20231020-en

Max time kernel

135s

Max time network

166s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c30b12c3a53f8b45c905634adcd928dd.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\c30b12c3a53f8b45c905634adcd928dd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Px7mP64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4780 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\c30b12c3a53f8b45c905634adcd928dd.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Px7mP64.exe
PID 4780 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\c30b12c3a53f8b45c905634adcd928dd.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Px7mP64.exe
PID 4780 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\c30b12c3a53f8b45c905634adcd928dd.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Px7mP64.exe
PID 2480 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Px7mP64.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe
PID 2480 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Px7mP64.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe
PID 2480 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Px7mP64.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe
PID 3200 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe
PID 3200 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe
PID 3200 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe
PID 3460 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1804 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1804 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1464 wrote to memory of 3216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1464 wrote to memory of 3216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 3188 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 3188 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 3412 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 2744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 1140 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3460 wrote to memory of 1140 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 1652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 1652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3200 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fJ5jN0.exe
PID 3200 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fJ5jN0.exe
PID 3200 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fJ5jN0.exe
PID 4644 wrote to memory of 5460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fJ5jN0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4644 wrote to memory of 5460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fJ5jN0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4644 wrote to memory of 5460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fJ5jN0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1804 wrote to memory of 5904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1804 wrote to memory of 5904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1804 wrote to memory of 5904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1804 wrote to memory of 5904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1804 wrote to memory of 5904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1804 wrote to memory of 5904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1804 wrote to memory of 5904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1804 wrote to memory of 5904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1804 wrote to memory of 5904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c30b12c3a53f8b45c905634adcd928dd.exe

"C:\Users\Admin\AppData\Local\Temp\c30b12c3a53f8b45c905634adcd928dd.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Px7mP64.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Px7mP64.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fffcd1846f8,0x7fffcd184708,0x7fffcd184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffcd1846f8,0x7fffcd184708,0x7fffcd184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0xa0,0x170,0x7fffcd1846f8,0x7fffcd184708,0x7fffcd184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffcd1846f8,0x7fffcd184708,0x7fffcd184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7fffcd1846f8,0x7fffcd184708,0x7fffcd184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffcd1846f8,0x7fffcd184708,0x7fffcd184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffcd1846f8,0x7fffcd184708,0x7fffcd184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffcd1846f8,0x7fffcd184708,0x7fffcd184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffcd1846f8,0x7fffcd184708,0x7fffcd184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffcd1846f8,0x7fffcd184708,0x7fffcd184718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fJ5jN0.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fJ5jN0.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,1313318480203848909,12631227672332348020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,1313318480203848909,12631227672332348020,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9076289695836300421,2453599630834236032,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9076289695836300421,2453599630834236032,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,16958177727888469851,2898626472127063534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,16958177727888469851,2898626472127063534,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17650323573776704038,18267152782262224053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3476470824298588554,7034914233700531903,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17650323573776704038,18267152782262224053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11576160856272497141,3950237409059328214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11576160856272497141,3950237409059328214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,5711681929615201926,11209353801030116952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,5711681929615201926,11209353801030116952,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3476470824298588554,7034914233700531903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7042733537455075254,13122592624120378962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7042733537455075254,13122592624120378962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9257096440601204480,15453072362993910981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9257096440601204480,15453072362993910981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5IC74Hi.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5IC74Hi.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5272 -ip 5272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 540

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gz238.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gz238.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8104 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,13556443153375592881,13918649512014917204,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7500 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.1:443 twitter.com tcp
US 104.244.42.1:443 twitter.com tcp
US 8.8.8.8:53 1.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.epicgames.com udp
N/A 224.0.0.251:5353 udp
US 52.2.199.143:443 www.epicgames.com tcp
US 52.2.199.143:443 www.epicgames.com tcp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 143.199.2.52.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 104.244.42.2:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 192.229.233.50:443 pbs.twimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
US 8.8.8.8:53 video.twimg.com udp
NL 199.232.148.158:443 video.twimg.com tcp
US 104.244.42.133:443 t.co tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 121.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 104.244.42.2:443 api.twitter.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 254.21.238.8.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
NL 142.250.179.141:443 accounts.google.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 172.67.209.38:80 killredls.pw tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 192.55.233.1:443 tcp
NL 172.217.168.227:443 www.recaptcha.net udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 api.hcaptcha.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 157.240.5.35:443 fbsbx.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 udp
NL 23.222.49.98:443 steamcommunity.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Px7mP64.exe

MD5 76dbb9dbc933bf740d332396bb73c187
SHA1 d1cf66e21e9063d70269f8e4522c77ec6a4da48c
SHA256 be52b25ce3d9c7f84051981d74d5731afd7a2f0a7f961b585105929a20fce28e
SHA512 beee854e3afa408b082a9301f36785e05f7f7ca0c2434ce6940f3c5e491cd45bace1decba3d906573b6ef09d497c23e3696fe96111a4938080eadffdbc573331

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Px7mP64.exe

MD5 76dbb9dbc933bf740d332396bb73c187
SHA1 d1cf66e21e9063d70269f8e4522c77ec6a4da48c
SHA256 be52b25ce3d9c7f84051981d74d5731afd7a2f0a7f961b585105929a20fce28e
SHA512 beee854e3afa408b082a9301f36785e05f7f7ca0c2434ce6940f3c5e491cd45bace1decba3d906573b6ef09d497c23e3696fe96111a4938080eadffdbc573331

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe

MD5 770abff39df9fdd8cacf4fdd60509db3
SHA1 2b022cc8e1d6d4fc7341f3711f9881ad22755e99
SHA256 a152dedf8361c8d72bc78609f168085f2f0ba5c6d7c8e94e01febfd163ab0577
SHA512 a0f50032b5e39cf709157372092d9deb59f6b2e13ac5081eaa268633587a431da8373b1e0baf03b1c868ed0e31b633f8ee376a9cb121f5cbe401378def9ece3c

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yX3Tk97.exe

MD5 770abff39df9fdd8cacf4fdd60509db3
SHA1 2b022cc8e1d6d4fc7341f3711f9881ad22755e99
SHA256 a152dedf8361c8d72bc78609f168085f2f0ba5c6d7c8e94e01febfd163ab0577
SHA512 a0f50032b5e39cf709157372092d9deb59f6b2e13ac5081eaa268633587a431da8373b1e0baf03b1c868ed0e31b633f8ee376a9cb121f5cbe401378def9ece3c

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe

MD5 efd10e55a146bb07e948896d2f3386b8
SHA1 a7a3443a06f3915c745d6d300d8361ece718fa12
SHA256 6cef7e7427041eab3fc9cdd17c9bffe9b1f3a7bd0cae4ba0bfdb6f2ffa41fa09
SHA512 de9fd4657e2166dc04229aff13f1ea38e66a85a72fbf8f17ffd2409a962a6fccd6d5e79197dfd52bf8907034b17188497ef9d68bf4524b34213a145f70db6717

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Wl168Kl.exe

MD5 efd10e55a146bb07e948896d2f3386b8
SHA1 a7a3443a06f3915c745d6d300d8361ece718fa12
SHA256 6cef7e7427041eab3fc9cdd17c9bffe9b1f3a7bd0cae4ba0bfdb6f2ffa41fa09
SHA512 de9fd4657e2166dc04229aff13f1ea38e66a85a72fbf8f17ffd2409a962a6fccd6d5e79197dfd52bf8907034b17188497ef9d68bf4524b34213a145f70db6717

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fJ5jN0.exe

MD5 f2681badda9636fa38e12307dea453e6
SHA1 5fdbc1ff145fb03600cd30bbebd704f659348c5d
SHA256 5cb2b33cfd41cd0d80fdd8564ff49ebfba88e40c2b20ed9186a8ddc46d5dacd3
SHA512 9e3c304007f34cadcddee8f16e8fde02575a38d78ac4aafcc8e2637592e8b504e368767824ece27841df00ca70e0f075ba97830ac806a888b4f3501d45366d0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fJ5jN0.exe

MD5 f2681badda9636fa38e12307dea453e6
SHA1 5fdbc1ff145fb03600cd30bbebd704f659348c5d
SHA256 5cb2b33cfd41cd0d80fdd8564ff49ebfba88e40c2b20ed9186a8ddc46d5dacd3
SHA512 9e3c304007f34cadcddee8f16e8fde02575a38d78ac4aafcc8e2637592e8b504e368767824ece27841df00ca70e0f075ba97830ac806a888b4f3501d45366d0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_3412_UJUUKXTFSBHLEROT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1412_SBTZUELDKXNANMXJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/5272-156-0x0000000000400000-0x0000000000433000-memory.dmp

\??\pipe\LOCAL\crashpad_3188_AZZZHRKVSKSEPBSE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1140_BJCQLGXRCECEXWCK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3164_AHKZXGJRMSIWUNTX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/5272-157-0x0000000000400000-0x0000000000433000-memory.dmp

\??\pipe\LOCAL\crashpad_4488_ZNDVASSKSQKTMNPS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1464_YDQBTHVGRYYWNPNC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4904_CAOIOSMGMKWEAGOI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1804_NDNGOLBBSHNITFLU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4740_XAOBDMGOFUKYLPPP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

memory/5272-158-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5272-160-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5IC74Hi.exe

MD5 fbc6d505bc02bc28d6fcd297f4b0cb46
SHA1 a41685f43afbe5e70bdebab0e11f33163ccab625
SHA256 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e
SHA512 c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5IC74Hi.exe

MD5 fbc6d505bc02bc28d6fcd297f4b0cb46
SHA1 a41685f43afbe5e70bdebab0e11f33163ccab625
SHA256 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e
SHA512 c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af

memory/8096-176-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gz238.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gz238.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3d3b0928-a2a2-474b-9d71-f7b58954341d.tmp

MD5 17145cc8b5465e110988ee3185992bb6
SHA1 84382ed4fe621dcce965b5c5967700c3cfe0079e
SHA256 f084331b9f1c08cb72a6828124cea702baa6111dfc23b9bec9dbbaad3bb477eb
SHA512 6f928d4ec3f2762777a500aaa713699845f819ecc27d16af7e8a553a822575c125a66fa01bb2765c7855c03081be047d070d78025f6d10b91a6d97145a18e461

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 877c2dd6bd5fe9d94cff4def8262cf13
SHA1 3c284678188f91b1d1a41e9d480bf8d2f3117ee7
SHA256 7d4bc93509e6b995e7fee1f39e32810bbe4ffda65ed503e1547f08eb45810c5e
SHA512 33ee02c383ee988799a2626af1f48232bef1f87281a07da42b2dd66b52d8764bac8278561112ccb74307f5d1b45713efdaa7e6c6eca87c963686833a8b6f8c7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2d23b633-2b40-4602-98aa-44ad941d79f3.tmp

MD5 31212d7ff19f8e3936fde3844957e9ab
SHA1 49b0ef0143fd720ca9bcb284120684e6cc501135
SHA256 3d98c696a5cdf2a09b48b9c2b0c1337cb100c75546683be7a54c5710e8864ee6
SHA512 9262302e224b9f0a133d029b0536f8e36affce3333c98ce7b89eb7b496d39a145cf6efd32a423689979647f2d7ee51e51f06e7c1b74e757ecf943255e08bab98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7fae7cdbbd1c5a54bbc8bd2b10aef073
SHA1 554519645d94ccc2613492a16d0f17848d132781
SHA256 7609e59f37852092ebb4071e804de8b6af93d42a981622d54c93dbf9de987a0b
SHA512 3aa9d191a1bfa8f3937856377ab2733de97ffaeb445d75f817e86e1f1df3e13ecd41d39e6f95259e38f5f3afe4f91ac8b8c913c1cf1a3bbb21e7eff1725f641f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\277c33bc-e8af-4be4-ba5f-081cc91562b6.tmp

MD5 8522998062bfe6e12bb714dba72030dd
SHA1 7676ce6e9f3d863483aa160029520ee40341fadc
SHA256 1e7ce6df3b080cf073fe3e660aeec8c8a5b889ff3082b338d7b667adb274994d
SHA512 8c6d4e6cafe3f52686956870aa639e57aec868583ff32d4b48916ac70aead0477b0374a2ee434f5bb9c6c7205286b81ff4be1f71f0143c8cc309af36b34cdab6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1b3a19fe69abedd1d5d46bb875b51af6
SHA1 9309eafff7efac9a0388f68b51019bd79936d636
SHA256 4934e172fe82998a7e39e90454fc8107aae3a53891872a1a3aa95ea1690fd27d
SHA512 0b12fb0b9ee4815590434d2b50ebb9b67eb7a909540ef7e3d3078e6e6cfe2c77e09cb25d2f0f0a323b146c4a50cba9a9420c2eec5dfa102c8d4fa361dc3833ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1b3a19fe69abedd1d5d46bb875b51af6
SHA1 9309eafff7efac9a0388f68b51019bd79936d636
SHA256 4934e172fe82998a7e39e90454fc8107aae3a53891872a1a3aa95ea1690fd27d
SHA512 0b12fb0b9ee4815590434d2b50ebb9b67eb7a909540ef7e3d3078e6e6cfe2c77e09cb25d2f0f0a323b146c4a50cba9a9420c2eec5dfa102c8d4fa361dc3833ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 66a46de1f23bfc78d36278e93dce8f63
SHA1 8173fa0145b00b85d60fa2903afb2efd5d43c524
SHA256 65481034cbff1a5e794596d4cab2f504e480f5fb01890fd13974d64ede5f85f1
SHA512 5cb0e33df8fbb8b3166ddb3222e3d925bcd972f2549d82b9cf472224614695222d80bbc49d542c87e8632d60067c396446d21b23df7fa787f6f2087dba36a015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 66a46de1f23bfc78d36278e93dce8f63
SHA1 8173fa0145b00b85d60fa2903afb2efd5d43c524
SHA256 65481034cbff1a5e794596d4cab2f504e480f5fb01890fd13974d64ede5f85f1
SHA512 5cb0e33df8fbb8b3166ddb3222e3d925bcd972f2549d82b9cf472224614695222d80bbc49d542c87e8632d60067c396446d21b23df7fa787f6f2087dba36a015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 877c2dd6bd5fe9d94cff4def8262cf13
SHA1 3c284678188f91b1d1a41e9d480bf8d2f3117ee7
SHA256 7d4bc93509e6b995e7fee1f39e32810bbe4ffda65ed503e1547f08eb45810c5e
SHA512 33ee02c383ee988799a2626af1f48232bef1f87281a07da42b2dd66b52d8764bac8278561112ccb74307f5d1b45713efdaa7e6c6eca87c963686833a8b6f8c7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7fae7cdbbd1c5a54bbc8bd2b10aef073
SHA1 554519645d94ccc2613492a16d0f17848d132781
SHA256 7609e59f37852092ebb4071e804de8b6af93d42a981622d54c93dbf9de987a0b
SHA512 3aa9d191a1bfa8f3937856377ab2733de97ffaeb445d75f817e86e1f1df3e13ecd41d39e6f95259e38f5f3afe4f91ac8b8c913c1cf1a3bbb21e7eff1725f641f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/5916-283-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5916-321-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b2f54b1e-3631-4aa1-b760-3477e96dcb7d.tmp

MD5 ff2b0777c1e9ebbd8b6c894821a4ce61
SHA1 25f89fedf4a516000ffef6b8f0ec1edf2dc12141
SHA256 788ad05f82622b89a197d028ff6525828bfaec89abe65b7461d0b07c4f17efe5
SHA512 686368bef6411d95df1226c6a26417e863965b73caf9cafde277232766090a10e6e006845a7910389c4e5353471ab4b108df01c6f50cb970f0325e8e40092d87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\09bd982a-93d5-4ea3-b00c-bafd10cbd78d.tmp

MD5 f84778f77605d932d2bdbe1183a7e126
SHA1 80d956ff5d7520dbeeccb1f4802c27dc976647e7
SHA256 2189fe707f28708274d58603a5554c4712e2f375823b1d728af0e46aab26e110
SHA512 a410fe580be6d16a3eb9708801976f53b8981aafd107d981b9ed2c00c17fd07953f97fafcf2ce62b1eb5ff6eb7543c1b52207bf44e227af4b744b1f9348f031e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ed7bf7e7-58d6-492e-b03c-844667d8b090.tmp

MD5 31107fdedc8c5be60ade34f363725376
SHA1 c92e6f3e01b686d8e6a5bc52c5a0417608058c8f
SHA256 2788da45096ed109320cc19c14c1c958d06bd6b7a1407a2e5297c9865aabcf42
SHA512 b4a0321ca1335764bfebe579e4fdaaa472b94fe79319a44c7a8d8ab35b8ae6a4a6abaa7898c964c3c53fb452eb54b8bfea5263276c3efcf2d2288d669eb2d1a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a24a5924f6ccfcadd4b628faba6e89c9
SHA1 467ff84a8ef95c373f553ee1ac7ad8ed24ffe27c
SHA256 6881aac1ca6d717bd94bfbe66ad394e0f55bcef7f63e8094a31f82b38515f756
SHA512 b7fe8e0a56d830902eca4f97fb7b0df83dcfe2e4fcf2d8f0289faf076e21fbd18efbfece9a58c8337c8940781738040cd7b4c46cc1456b9ff2334231b2ef1824

memory/5916-415-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5916-419-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/8096-557-0x0000000073E10000-0x00000000745C0000-memory.dmp

memory/8096-566-0x00000000082B0000-0x0000000008854000-memory.dmp

memory/8096-569-0x0000000007DE0000-0x0000000007E72000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\75db86d2-e81c-403f-ab3e-d24ac9a30fed.tmp

MD5 700863e6ab4df9291561d56a91dfcfe7
SHA1 f9b84106672c54e56bcd320ecd5964f799d8589f
SHA256 4497c0dbef74738981e15e2f38bc0cf8c58cc75cfe66cd11d92818f4ec02e730
SHA512 fdf8980a09262c1247edc2206db0afa337ca965f00e815b6610069a04199ca6a3a39b777f048f9cebfe681c44ad2b4cb06026ce4f5c87ed4471d2ee20acf9d14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c1e884d72be5ca2d349d84defac88e0d
SHA1 a0931f748074778dda8128b4115bbeb49271cd67
SHA256 597101fb49790b803df59d1d62bfed5d59e7be83990e7fd3addff5ca1020aa4b
SHA512 7b3eb746b93d5ca94c43cc2b4154b904e95c9b530b292d9e7c9a151816136968fff126385666e5d71b284e5676ad236d2abfc57ede02de4e6a7b9ce2a6d5af4f

memory/8096-606-0x0000000073E10000-0x00000000745C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1c706d53e85fb5321a8396d197051531
SHA1 0d92aa8524fb1d47e7ee5d614e58a398c06141a4
SHA256 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932
SHA512 d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

memory/8096-693-0x0000000008240000-0x0000000008250000-memory.dmp

memory/8096-694-0x0000000008270000-0x000000000827A000-memory.dmp

memory/8096-695-0x0000000008E80000-0x0000000009498000-memory.dmp

memory/8096-696-0x00000000089C0000-0x0000000008ACA000-memory.dmp

memory/8096-697-0x00000000088F0000-0x0000000008902000-memory.dmp

memory/8096-698-0x0000000008950000-0x000000000898C000-memory.dmp

memory/8096-699-0x0000000008AD0000-0x0000000008B1C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5956e0.TMP

MD5 eceef4812d7f4c9fc946c2d08280a92e
SHA1 adb006fa6116c2d15cc82f12027f998185fe348b
SHA256 3ec80d96d6befa6fc51ef47ccc3b0df9d4cceb98c9267a4aa6e8655dcfef7beb
SHA512 30ae48a35bcb26ee8bbb636497c0b535ff5254b2d310b73483d4e1b756658e5ef89aaffdb8b9acccf29601d960e9e9a6edf69b35016a85befb6c4a45c13e71d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3183cbc3-ceb3-4b3a-b13c-dbb21e3b9a84.tmp

MD5 abff17db838b29d420e8b873e81f95ba
SHA1 d093fdb812c714ade2b4cf79f5b7fc2bbc307471
SHA256 bbaff3991822a50b223474d60662bb3e99977c68c4aebd5f0571127aea071462
SHA512 b9353c2d6e358f31d6fa253101aaf4b308ed4b8b611f4991be8922abef1f13911fc0b490f6ecd41e0f170ab712e2e95c982651924181762c77e10cea4e2f2f9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c95a8ebec97c8d1332f480a17ed3c739
SHA1 8ae530740a8aefe5977c3d221e0016bdd2ceb350
SHA256 475cd670ec2c68bf1bafd7db9b9f716870792a8523340da6e7e08a86b96b598b
SHA512 4467d139276ad9ca3ffbc1bf0d81cf1976847bc38a7d06a780f94ba1d53034c4c31c0bffed62907ddf182a81b27f11db48e50f3a11b63a9cfbb35db507dea1a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5432d10a7fb8e4f82997ac9fb1d9f734
SHA1 2550a8a3f4b43a972eadf836bf3449f55eaef21d
SHA256 7bbf85f8d523d16fb5738492c06b09683d029e96775e57088a4ce35f2029410d
SHA512 8bc7e040d813bcee69fdb2d0296c3f9ccd5afbce299bca824f650886b02381351ffaee4cefb2b7fb335f976262bd2bcf3836fb009b57297d1f05ef0ce51755a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fcca67ce3cb83c58cbcf7a5b524defbe
SHA1 4e806ddacde7525e505f5f62336fe8a7878920f7
SHA256 e4828e526476ff081ccc68161b5143f920f3003e040c159900a6b1533c661daf
SHA512 364055a876ec8579cdbdc6d523a34115de88b34564046312d4910786bc87ab5f2bbf96c82a74d2b6ee65335a87ae62e64476dd5d75ac5615ca4d16dafd0ec65f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59a9e2.TMP

MD5 c7eaec0883dcb550fd233e23d9a5c7ee
SHA1 a1ee588b615db6bfc440a581ac8c8c0338ee01cc
SHA256 a670bd486a95b941bb9e77d5415b6cfbb8de88ad36babe7a933599079a8358bc
SHA512 632186bdef977684ff3d70cca002842b5d0137d36e4dc0dd83de2a75e7b18f3acb8c6fb7c96a9581302057cec5f1a6b3d46576fa64a749fc8caeeda8ad24dc6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 30ceb714c5d9818bb19aa9f0e1ddaeaa
SHA1 451067e81d4a44533bf1dcf1d1dbd0bc5ff0e4b8
SHA256 199874ceb16dfab5207fd011a2256f5db5d4b10d504836eb60b792254a60767a
SHA512 537327ad1a09b0e6caa4e10bc61cde016759f61fa955d7015870596f26b4e64a5c8e33c8945e8efff03120e4ded6705f8813480e65c3aa62d3a351f9dcb4530c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ae603dd8f606ffcb284c754aa44398db
SHA1 8925ba3c3e3e601a2d3834616fc48a609a360ba0
SHA256 65b846934c66fc7f26faaae6ed908e85260d37fdb14ab8012fae724a6b8119ec
SHA512 1036b49aa7ba9a01c7ed8225782b5731a279ab8a147cde18908fd3231815d2e3ef0d3974c5f1e6a229e0babf7b19ba2d9e69343fbaa9792ba5b5ab300148f0c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 55c28dbc32839936b5d9f7ec435fb1fd
SHA1 88457a23a871fca89687aabc6d8df863ba2829ed
SHA256 53f962294e696185466d867aaaa953dc64a6d110dec1623fef1630a1bfd29367
SHA512 19135371fc2d83b9b3780bef0b61817e9eb432ef605b64d83cc8687b61b8b214a4e0ffdcbc0f59076fbe4a8868155654af017bf58ea506583cc5c8f139c6c02a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 d79d11dab16c685321d23a6184977773
SHA1 00b40a7cd64453737726241a2aa62e231557d04e
SHA256 bbfeb625d5261aeedb0f830a46932e9f1175b875eb7d908a34a3578008b8bc40
SHA512 3873838a31312317169ca83db1cbd967d020fff17b79b520d45e02c0c951ad0a8fd1634c84d6deed3aff117df5266440f662734a9312e009a7036382dbad3723

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe59bd7a.TMP

MD5 00cab966abc65d48e6a45938bfb8e140
SHA1 bf99a37a57e5e8eaa9b0d7f15ee57029e4df5f8d
SHA256 db7aa65326e62cde3eca1e6a22e8ec8c077388286af46ca66f7796067435708f
SHA512 4247e1df6ffb6c648964b449ef3c3289da1b65cf860b313a35471eee10fc1acce1c3d906d0239688a8327d7a0e4da16632285d191f360a244b839b2428c9ba75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\1b9ab786-372c-4791-b59b-ff617d67b237\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

memory/8096-1151-0x0000000008240000-0x0000000008250000-memory.dmp