Malware Analysis Report

2025-01-02 05:29

Sample ID 231111-gsqtbadc67
Target 6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e
SHA256 6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e
Tags
mystic redline taiga infostealer persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e

Threat Level: Known bad

The file 6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence spyware stealer

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

AutoIT Executable

Suspicious use of SetThreadContext

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 06:04

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 06:04

Reported

2023-11-11 06:07

Platform

win10v2004-20231025-en

Max time kernel

150s

Max time network

162s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4692 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe
PID 4692 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe
PID 4692 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe
PID 3456 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe
PID 3456 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe
PID 3456 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe
PID 2624 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe
PID 2624 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe
PID 2624 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe
PID 4452 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1360 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1360 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3540 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3540 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3752 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3752 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4384 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4384 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1260 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1260 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4508 wrote to memory of 4684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4508 wrote to memory of 4684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2564 wrote to memory of 2568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2564 wrote to memory of 2568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1776 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1776 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 4232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 4232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 3480 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 3480 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe
PID 2624 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe
PID 2624 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe
PID 4384 wrote to memory of 5552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e.exe

"C:\Users\Admin\AppData\Local\Temp\6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9112446f8,0x7ff911244708,0x7ff911244718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9112446f8,0x7ff911244708,0x7ff911244718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1480,15443733380452274596,4924006078547066292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1480,15443733380452274596,4924006078547066292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,5331339928508319588,10952418335711882005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,5331339928508319588,10952418335711882005,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,11304315315577558884,11956915975924536597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,4678555877747563117,3291171285947189825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4678555877747563117,3291171285947189825,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,11304315315577558884,11956915975924536597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7010854726902491588,15587112275066168057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7010854726902491588,15587112275066168057,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,674269359831384927,14300484317190498705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,674269359831384927,14300484317190498705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12523240949109121909,7869430349906098648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9043674185420560102,1022376907624352737,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12523240949109121909,7869430349906098648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7825426488907221959,1981848469219630281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9043674185420560102,1022376907624352737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,7825426488907221959,1981848469219630281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5gH38YZ.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5gH38YZ.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 6712 -ip 6712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8796 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4e8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9212 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Aq115.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Aq115.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9824 /prefetch:1

Network

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe

MD5 96f43cbcb21ff619a1d03baff0e209af
SHA1 398efe83e05ff7dbbfb60a16b9f533c931cfa75a
SHA256 9756e7ad8e81a4eea95b0f10a5cf83b0bcda2c1d97e36c74c8f2fced67a5588e
SHA512 e7379ccf7a853a51f318040138156d4e1bc43172ad699661627001039191b45051a4f921c4cfff21d8f2462156b6c9745088d87adbf382e841bb8b2e08fe3fb2

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe

MD5 96f43cbcb21ff619a1d03baff0e209af
SHA1 398efe83e05ff7dbbfb60a16b9f533c931cfa75a
SHA256 9756e7ad8e81a4eea95b0f10a5cf83b0bcda2c1d97e36c74c8f2fced67a5588e
SHA512 e7379ccf7a853a51f318040138156d4e1bc43172ad699661627001039191b45051a4f921c4cfff21d8f2462156b6c9745088d87adbf382e841bb8b2e08fe3fb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe

MD5 f790321c1cc9a2bcf13265f6159675b9
SHA1 21a36b57c4e69d7792a36f6fc4e8bedb7622d181
SHA256 1af4f49893fe5fbc0db885b1f5833b4c9c5eb5b05c5e58d29a8cf056fdf02eb1
SHA512 ea736bc9f89633051f0c848924f676118a00fefd1cb64dbd6c7ae7971d09fcc6c0855a263413b3e626c2a52608d45d5b24e6d0538172d7bc3483308d8b113d57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe

MD5 f790321c1cc9a2bcf13265f6159675b9
SHA1 21a36b57c4e69d7792a36f6fc4e8bedb7622d181
SHA256 1af4f49893fe5fbc0db885b1f5833b4c9c5eb5b05c5e58d29a8cf056fdf02eb1
SHA512 ea736bc9f89633051f0c848924f676118a00fefd1cb64dbd6c7ae7971d09fcc6c0855a263413b3e626c2a52608d45d5b24e6d0538172d7bc3483308d8b113d57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_1776_OUQPBHPKAIJRLIBS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_3540_APWDHIUTCEBITYMJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_3752_MXMIAATJXDGBXBBE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4384_AIHRNBPJWCHRHXKM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4508_HYKOFZPTOJNLVKLP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cff1e303e392e09b87319984e480184c
SHA1 0be60c21f1b0c898f14a55fa0c00938d322dc869
SHA256 1317496ac12b545f0643948e8b36249df232dab958c0c554745502d5ee1503fb
SHA512 faf0684edff67cf8b347632fbe32891f399a6e78d6b9f8bc0bca5f838c7b085a2225044c96e98732c675e0b5f43a9c68ed6bc67b4f64998d343c4b51f5297a03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cdb0689f5a0ef70e0cf644c778a68741
SHA1 81c76e51859066c3e31705942eb488e84b2314cb
SHA256 542d6134b07768faae6a1f3e75105ae96804c0ac55bd8c6197b2e5b3091880aa
SHA512 0af822e1e0fc4a73729def43e87a80e49a9e3e352bd10a6c4e88d907a5a493330b27f0936a888ec6342700c7df9fa69983be140872414768355c7f5b37232dc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 607cd4bdb0312313f4b44dd6d90b691b
SHA1 66853528c50779e5ee497113edeed8f60e7ce07d
SHA256 b55114e7944d2e5a2edfdc94c66800e07d456ddd508b3ee21e0bcff47ffc16a9
SHA512 556942598f8ea8240041f69c41373fb1ccc3ad56f999418472a021f58bbcd73da16dd5c57dc42aa88c9508dc5314531aa03c8ee81b576dae48fddfdffc79858b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cff1e303e392e09b87319984e480184c
SHA1 0be60c21f1b0c898f14a55fa0c00938d322dc869
SHA256 1317496ac12b545f0643948e8b36249df232dab958c0c554745502d5ee1503fb
SHA512 faf0684edff67cf8b347632fbe32891f399a6e78d6b9f8bc0bca5f838c7b085a2225044c96e98732c675e0b5f43a9c68ed6bc67b4f64998d343c4b51f5297a03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3de6586e-b1a9-45e3-8ef5-bfe1e320881c.tmp

MD5 9d91204aaeca2950c90ebb1aa1f1faa3
SHA1 1b27921758b5a4a5cbacf8621e26743f6210abd8
SHA256 157e450e86d1858598231fd4e3bd16f80d4767d3242c3f4eb84e3ed7f5dcfa54
SHA512 89bafee01d2b022ee5857353f0d7893011f674ed0d663f47fc544bed8d9c62a7fe321553247e6b1c4cf9ff153704ff8e1abe25e66b3f45a4054b290895f1ec19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 607cd4bdb0312313f4b44dd6d90b691b
SHA1 66853528c50779e5ee497113edeed8f60e7ce07d
SHA256 b55114e7944d2e5a2edfdc94c66800e07d456ddd508b3ee21e0bcff47ffc16a9
SHA512 556942598f8ea8240041f69c41373fb1ccc3ad56f999418472a021f58bbcd73da16dd5c57dc42aa88c9508dc5314531aa03c8ee81b576dae48fddfdffc79858b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cdb0689f5a0ef70e0cf644c778a68741
SHA1 81c76e51859066c3e31705942eb488e84b2314cb
SHA256 542d6134b07768faae6a1f3e75105ae96804c0ac55bd8c6197b2e5b3091880aa
SHA512 0af822e1e0fc4a73729def43e87a80e49a9e3e352bd10a6c4e88d907a5a493330b27f0936a888ec6342700c7df9fa69983be140872414768355c7f5b37232dc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f267f802acd7c820ffdf86183aad8f27
SHA1 161ea8d019d9f25b0fd63fdf5a7ff9c01c7aadfb
SHA256 f30e2b69113995eefb67086e2b89e875bc977f676e286908d359b5a3bc48f3c8
SHA512 60eb2a011dd3f6267381747907a0a52ff4d20dca81cd0a9b133b37c536ed0a96f909edd8b1ef3bd84dfa17867b6cf0a1b5ff700ecd38eb037bbd5ff5fee0a17d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f267f802acd7c820ffdf86183aad8f27
SHA1 161ea8d019d9f25b0fd63fdf5a7ff9c01c7aadfb
SHA256 f30e2b69113995eefb67086e2b89e875bc977f676e286908d359b5a3bc48f3c8
SHA512 60eb2a011dd3f6267381747907a0a52ff4d20dca81cd0a9b133b37c536ed0a96f909edd8b1ef3bd84dfa17867b6cf0a1b5ff700ecd38eb037bbd5ff5fee0a17d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7ce170499a4d18aff505ced5eae1f82f
SHA1 aad7cd862311f46917ae05c119938d1af84d4f93
SHA256 41be457fedd27a97af6fa330819ee2c935537285b18376e3f12cb9908ef34b55
SHA512 6d22d796bfd6ae37c05231c4e89a4ab4b51b9a416423d7818291fd3d81bea6d26dedfcf7b11652435d46862649cdd55763f65420cf0dbd67a59d203d8795d777

\??\pipe\LOCAL\crashpad_3480_XQRDXZNBBAVHGEHC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7ce170499a4d18aff505ced5eae1f82f
SHA1 aad7cd862311f46917ae05c119938d1af84d4f93
SHA256 41be457fedd27a97af6fa330819ee2c935537285b18376e3f12cb9908ef34b55
SHA512 6d22d796bfd6ae37c05231c4e89a4ab4b51b9a416423d7818291fd3d81bea6d26dedfcf7b11652435d46862649cdd55763f65420cf0dbd67a59d203d8795d777

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6eaeb7a289ec57667818f12d596e6ca2
SHA1 588d943eda35762bdb2678555f2f91e4b9de2611
SHA256 e0369f5f79c85ab4df453e3bf3483aab97deb348619a2ba719bd9e8d9a14bfcc
SHA512 d03d22bbec0802dbe569e5f8c52f5da59ceb129ed9329a5e6b39c9e0753346b70b4499125a28585a4ecf2f3d270c66c3d2c0e9de12036fae64503ff51868cfba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c0172c5d-2020-40e9-bafb-a113129a8660.tmp

MD5 85f10380a78d1d5d511a62a1a67d4381
SHA1 c732bef1d434253519c641a8f6f48fb722415abc
SHA256 81ccb5d7199987f4dcd6476338eae6089d7178f5bdc24f33c0f8e21341524385
SHA512 874fcce3cc4625a4ae7b35125a93ab57cba6c6ea252bf23871e91e40db9a6cb6098950e53ac5c694df5a361962a9d6a88347e4a58781b8c517f46600671b1554

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a7e1475d-4bd7-46dc-a2f0-c77be58ea04b.tmp

MD5 f3696c200077e6e68dc49e502b404e16
SHA1 e08f989bca9f9f4f8e71aeb2602c81873f5a66f5
SHA256 9e2b1996e71d3eb0550faa52c6726b6e8b9689873b4a2b467fa2f77f0fb955d5
SHA512 397cd1de7fab7f189b3c58fb6867cab77494b373f2fbd0deb069139cc879eca04d0f15ab69f626e29d3f5b12b8ada23808e85fe0f8e0b6b9b07ad3ddbed8046b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9d91204aaeca2950c90ebb1aa1f1faa3
SHA1 1b27921758b5a4a5cbacf8621e26743f6210abd8
SHA256 157e450e86d1858598231fd4e3bd16f80d4767d3242c3f4eb84e3ed7f5dcfa54
SHA512 89bafee01d2b022ee5857353f0d7893011f674ed0d663f47fc544bed8d9c62a7fe321553247e6b1c4cf9ff153704ff8e1abe25e66b3f45a4054b290895f1ec19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6eaeb7a289ec57667818f12d596e6ca2
SHA1 588d943eda35762bdb2678555f2f91e4b9de2611
SHA256 e0369f5f79c85ab4df453e3bf3483aab97deb348619a2ba719bd9e8d9a14bfcc
SHA512 d03d22bbec0802dbe569e5f8c52f5da59ceb129ed9329a5e6b39c9e0753346b70b4499125a28585a4ecf2f3d270c66c3d2c0e9de12036fae64503ff51868cfba

memory/6712-258-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6712-259-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6712-260-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6712-262-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0d7c9dae1c9d25ffdbb643c2578e1e56
SHA1 04b8892684e1a4501d539ae99e456a3297b4dbb9
SHA256 7c1735ee55c1f09a8d6bcce94c01c538d627d0b118374aa8e0c0c6a48d5dbfef
SHA512 4ea4f8a29439579e752648e73c2f634a076eb0faf0cce736ae3759611d13a3887b5380ebbd41dc581bf60b25a7706232ebfa61d40c5f65c8118fb4e97a57a33d

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5gH38YZ.exe

MD5 fbc6d505bc02bc28d6fcd297f4b0cb46
SHA1 a41685f43afbe5e70bdebab0e11f33163ccab625
SHA256 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e
SHA512 c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1fe4939fe8003b5c7086b4c79568d9e4
SHA1 52e5b2ad786510101d3779e7a881a21abf2edfa8
SHA256 c4caf4e4e6ecc4270a54336c31a8a0539ec073094253a067c8e4d8b720342788
SHA512 4f5cec168b226e7202a82683a009f25d23537407024eb14664a8e426e0b5249ba39419f56b4a638fedffd2dae3ea03e632eed2588e320918ac0e9cad061ef939

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2062447d-6f4b-464e-9b8b-1125176fdb08.tmp

MD5 1fe4939fe8003b5c7086b4c79568d9e4
SHA1 52e5b2ad786510101d3779e7a881a21abf2edfa8
SHA256 c4caf4e4e6ecc4270a54336c31a8a0539ec073094253a067c8e4d8b720342788
SHA512 4f5cec168b226e7202a82683a009f25d23537407024eb14664a8e426e0b5249ba39419f56b4a638fedffd2dae3ea03e632eed2588e320918ac0e9cad061ef939

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bbb1d2e0ad695de296fc94d935f0a786
SHA1 37922ead203e5896950c9071e50dc6b4e827f173
SHA256 795aa6d8032de370b5b3a158f40ca574779a893d1625ae3052fe32c4a11e9e7b
SHA512 f5bad330f72b7ab08d388631160e1ca258067f4439783148d4226e6c01736c2357e76731da0496f77bedac3b5db4c44b817d3afa396e3e1b68393b6c7cb3744e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 89fb12c7a319e66287ced6a0b265e962
SHA1 bb2c7f214ece073a07106332599e5acd07cb7617
SHA256 ecdbd2ae2c1b5459b851dda6ad12719f10722deef6c118f99fd151fc2f6939f2
SHA512 668c93868e8f6b5e1379d116468dd6dd46c416da2578d560353281169ea85035ce6f7ecc29880628bb7c8e97eb0d31f135e53b46da585bb79b2467b6b1277ddb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e430e0812e6bbb077b32a2f6c149f3d3
SHA1 00a5558ae62190e9bae5abfadffcfa3cfe59192a
SHA256 2f57e056e3d6a35c612cf702279975047d1fca14be61202e88a4ec37863ca882
SHA512 89eceaf19e36f0e6f1c766d58a61ce5616ae75d1fa5f7aeaa71383783a44d7749a00a90fc0778fcd95831236997c4eddb308b0750910a8078c601d01b64e3e2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 afbec2909826357ce27c96397dd9dd72
SHA1 eb656417d2cb964578df6e7caef391b8b1daff28
SHA256 851b0292f6c86751f1813b81752abda0e914ac955dc65ae9143b682d13eba564
SHA512 9c8ea6b87a0f6902e92fb8e59c335042447412177045d753f055eff2a55787afca6c0269ee79a9501fccc94fabc9214bfb29149448240d5ec5914f908a73cb92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 321208afa4da8c6c3b1c72ff2f9ebd65
SHA1 331802ffa09f6e0b9acdc853d32f1bc954f6842e
SHA256 93a91cf49f419fadabacbde94c1840d1f29d5457c6ab4a97395154f5737360b4
SHA512 f3b4bbb5ff8c576dcb5e3b98f931a35c92961be0596bab1f198f71e2c7a42ddfea9b7077b4e80b7ec1993954f63d1644f52737a0c1bd0bd57b568b0fedfb3b53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

memory/2164-634-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2164-649-0x0000000074A30000-0x00000000751E0000-memory.dmp

memory/2164-651-0x0000000007260000-0x0000000007804000-memory.dmp

memory/2164-652-0x0000000006DB0000-0x0000000006E42000-memory.dmp

memory/2164-704-0x0000000006F40000-0x0000000006F50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/7708-744-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7708-745-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7708-754-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7708-757-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/2164-781-0x0000000074A30000-0x00000000751E0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 25734e2d45f73cd3141b5085f1576e89
SHA1 775149f0a0e73464145e4c5f343af77be8b3d840
SHA256 d4b894446927f255c1e5e971e0a39aa48a80b917e5d5a7a8fed73e1f7649185a
SHA512 7180ae576754861eba117ba36dc3c02beb580114a66e2fc6aad4c6f3a389cc25f234a7bcda5b0c562368ad4dfd95e9ad9192aba09e24848ebf399e2900d3850c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 2be63909a95f84c869fff0a633a854fa
SHA1 cfd14a0a3e5d4fd59732a469c5989793d830a80b
SHA256 5ddf5a9ee9cf61f90eb9a7ac15d482ef8fd51201fb7ec9001ed21d2396830da6
SHA512 33dc199bf475bf4e6e130cad37cfc1c5becb41da963d2594e100af27976e06a7805fa8dde402c28d954db752b2920e173cf8b944a67c819f0144b83f7cf4f860

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58fa3a.TMP

MD5 cedc5c3f90627b02a27da650da3ed5e4
SHA1 336bbbb4789513b34a37d13e792b33774975194e
SHA256 7c2d2611b7db06160398a81cb5d5521be5eeabf53feb8d33cc4c4f5458d18bb0
SHA512 2ec65df3d0e748df11f0abbbe8e998fb825cddc01db8f7ed6775785fd7f9261f36ed169605d6762d73d83a9d0e1e0ccbd702c23ac92e378732a13d74b6fe87ff

memory/2164-789-0x0000000006F40000-0x0000000006F50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f84592a6109e37368c9fa29c493e7485
SHA1 6df1383b2d2ba6520a1cc14c0ca85622a3e5cf8a
SHA256 0aef8a038d2678bff2423015f85dd274354621506f5f87aa22a3f9506bde83a2
SHA512 e2134e37f60664381f6f9b825b650b09344ce4c052d9cba9f15aa441126656c26bb1262e80be2427a50ae929068d444ee438e5ab8c01db46f0b488453d253746

memory/2164-822-0x0000000006FB0000-0x0000000006FBA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2973e9b868a2b75194fbf80eec74ad03
SHA1 10773f35f2fb18fe6887a0b9ef51d2a39b8617bb
SHA256 bdb904f62015686c045f6e22491dba833c6d7ed1334268a6894815398f55149a
SHA512 ba72b6de6fd90295bb0656177f6070f5c5914d6d3671c8d9490c468056f83cba7433fa92d38d6c2761f642c7c122105f9f6a87269ab7231ce21c4d77d15a0a48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1f52f64637c2afba9b9a933742e2e9ca
SHA1 1b72328235a593094a2d9bc180187918456f1913
SHA256 4caffd17595415142408b3e681f26f840b92632d0c0048aa16cbdeac755b5946
SHA512 853b4e60356b00d7b30481e5904b12703d5975a73f22ed591c2aa6e88889a50dd3b41a9fa80aeea296c449cf90343e66b2e6f5e26047f139f23283037a761843

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5939c3.TMP

MD5 558853f3a9903dc3f97d944b75b3fc52
SHA1 c9ddb98e0bde4d4fe40664f1f78c040ee4f9eacb
SHA256 ce83c4374cbf6b3db5bd2611f204647453561a0384719582bd24575ea10d1dd1
SHA512 d0d0e2d864bd53b3a986bb88e1a9369abf88b407a21def9d3e9121baad1252db7688e7ae79cb82f56566da9f5ac069f33ccb497a29561fbe20d4d0fc7b7dafd2

memory/2164-1005-0x0000000007E30000-0x0000000008448000-memory.dmp

memory/2164-1014-0x0000000007990000-0x0000000007A9A000-memory.dmp

memory/2164-1015-0x00000000078C0000-0x00000000078D2000-memory.dmp

memory/2164-1016-0x0000000007920000-0x000000000795C000-memory.dmp

memory/2164-1017-0x0000000007AA0000-0x0000000007AEC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d0d734f0ec7b38d71246078f61bed70c
SHA1 5fa2fde4dac87f0ee15d89d1e057803dc76a2bd8
SHA256 5f5a2de17a91d1a396b87ec82fb0f2889a1146e1bfa59a63ec648387c128dcea
SHA512 ca9c8e0b4d7ac0a6abc335c05f6688869b767f82fa0fc90efe9d7c2de24e29be8c127ae6d11950967e416edd8f1f90d9e833e7f8c0a0b18426729fcaaf6b37f5