Analysis Overview
SHA256
6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e
Threat Level: Known bad
The file 6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e was found to be: Known bad.
Malicious Activity Summary
Detect Mystic stealer payload
Mystic
RedLine
RedLine payload
Executes dropped EXE
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
AutoIT Executable
Suspicious use of SetThreadContext
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 06:04
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 06:04
Reported
2023-11-11 06:07
Platform
win10v2004-20231025-en
Max time kernel
150s
Max time network
162s
Command Line
Signatures
Detect Mystic stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Mystic
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5gH38YZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Aq115.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1672 set thread context of 6712 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 7708 set thread context of 2164 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5gH38YZ.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 7296 set thread context of 7708 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Aq115.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e.exe
"C:\Users\Admin\AppData\Local\Temp\6518b4d22d03d65c0498dcd55bd516d5174ce6d50f19f6d793c99c7e5b3c4b0e.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9112446f8,0x7ff911244708,0x7ff911244718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9112446f8,0x7ff911244708,0x7ff911244718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9112446f8,0x7ff911244708,0x7ff911244718
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1480,15443733380452274596,4924006078547066292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1480,15443733380452274596,4924006078547066292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,5331339928508319588,10952418335711882005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,5331339928508319588,10952418335711882005,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,11304315315577558884,11956915975924536597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,4678555877747563117,3291171285947189825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4678555877747563117,3291171285947189825,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,11304315315577558884,11956915975924536597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7010854726902491588,15587112275066168057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7010854726902491588,15587112275066168057,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,674269359831384927,14300484317190498705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,674269359831384927,14300484317190498705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12523240949109121909,7869430349906098648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9043674185420560102,1022376907624352737,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12523240949109121909,7869430349906098648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7825426488907221959,1981848469219630281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9043674185420560102,1022376907624352737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,7825426488907221959,1981848469219630281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5gH38YZ.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5gH38YZ.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 6712 -ip 6712
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 540
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8796 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4e8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9212 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Aq115.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Aq115.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10201898156101099404,13595650848845854066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9824 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.142.81.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 54.152.70.17:443 | www.epicgames.com | tcp |
| US | 54.152.70.17:443 | www.epicgames.com | tcp |
| US | 8.8.8.8:53 | 98.49.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.70.152.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| NL | 157.240.201.35:443 | www.facebook.com | tcp |
| NL | 157.240.201.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 35.201.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.39.65.18.in-addr.arpa | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.179.182:443 | i.ytimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.179.250.142.in-addr.arpa | udp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 104.244.42.133:443 | t.co | tcp |
| US | 192.229.233.50:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 8.8.8.8:53 | 138.175.53.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.233.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| DE | 172.217.23.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | rr5---sn-q4flrnss.googlevideo.com | udp |
| DE | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| US | 173.194.57.106:443 | rr5---sn-q4flrnss.googlevideo.com | tcp |
| US | 173.194.57.106:443 | rr5---sn-q4flrnss.googlevideo.com | tcp |
| NL | 142.250.179.182:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.57.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 173.194.57.106:443 | rr5---sn-q4flrnss.googlevideo.com | tcp |
| US | 8.8.8.8:53 | i4.ytimg.com | udp |
| US | 173.194.57.106:443 | rr5---sn-q4flrnss.googlevideo.com | tcp |
| DE | 172.217.23.206:443 | i4.ytimg.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| US | 173.194.57.106:443 | rr5---sn-q4flrnss.googlevideo.com | tcp |
| US | 173.194.57.106:443 | rr5---sn-q4flrnss.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 142.251.36.6:443 | static.doubleclick.net | tcp |
| NL | 142.250.179.138:443 | jnn-pa.googleapis.com | tcp |
| NL | 142.250.179.138:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 6.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| NL | 23.72.252.169:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.169:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.169:443 | community.akamai.steamstatic.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 34.195.142.151:443 | tracking.epicgames.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| US | 18.239.36.22:443 | static-assets-prod.unrealengine.com | tcp |
| US | 18.239.36.22:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 169.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.142.195.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | rr5---sn-5hnednsz.googlevideo.com | udp |
| NL | 74.125.8.234:443 | rr5---sn-5hnednsz.googlevideo.com | tcp |
| NL | 74.125.8.234:443 | rr5---sn-5hnednsz.googlevideo.com | tcp |
| NL | 74.125.8.234:443 | rr5---sn-5hnednsz.googlevideo.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 234.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | numpersb.fun | udp |
| US | 8.8.8.8:53 | killredls.pw | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| NL | 199.232.148.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | 57.53.21.104.in-addr.arpa | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 157.148.232.199.in-addr.arpa | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| NL | 216.58.214.14:443 | youtube.com | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| RU | 5.42.92.51:19057 | tcp | |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | rr1---sn-5hneknee.googlevideo.com | udp |
| NL | 74.125.8.70:443 | rr1---sn-5hneknee.googlevideo.com | udp |
| US | 8.8.8.8:53 | 70.8.125.74.in-addr.arpa | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
| US | 18.239.36.22:443 | static-assets-prod.unrealengine.com | tcp |
| NL | 142.250.179.182:443 | i.ytimg.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe
| MD5 | 8ac302628f2772626893f27efe66826f |
| SHA1 | e1464aa80a5f2f94bdcb115f3324b799c68b7e68 |
| SHA256 | b72b5c533ba0db093a3bb3df384fa03490e4ff52d3f413d5a6ae8b8bbd754324 |
| SHA512 | 7cf169627c4889843891553fb74f5fd526db15f40e6290dd1c2dfc9c3e057102c55d416e2933801c8f68f4af347aaad8e4cff2f6600746ffbb15cfd397cb979e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hH4hS69.exe
| MD5 | 8ac302628f2772626893f27efe66826f |
| SHA1 | e1464aa80a5f2f94bdcb115f3324b799c68b7e68 |
| SHA256 | b72b5c533ba0db093a3bb3df384fa03490e4ff52d3f413d5a6ae8b8bbd754324 |
| SHA512 | 7cf169627c4889843891553fb74f5fd526db15f40e6290dd1c2dfc9c3e057102c55d416e2933801c8f68f4af347aaad8e4cff2f6600746ffbb15cfd397cb979e |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe
| MD5 | d0978f62a954becc37d5141ad29a6a8a |
| SHA1 | 078eb97db7f3a3fd15c7aa669cb29f1fadae752b |
| SHA256 | 5e10f1da6b0d230cf02d819e54a7da6c1f4dc0aeab99c1997de82b0d0bc243c0 |
| SHA512 | 881c6b491b4bbc348ee7590809dfd1d55654d04617e4ccc95708205a3a9b6f965e36553ac052e982c402f8936bc3a26d040385c5dfacce5995b690b77a3d999d |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gw6pk27.exe
| MD5 | d0978f62a954becc37d5141ad29a6a8a |
| SHA1 | 078eb97db7f3a3fd15c7aa669cb29f1fadae752b |
| SHA256 | 5e10f1da6b0d230cf02d819e54a7da6c1f4dc0aeab99c1997de82b0d0bc243c0 |
| SHA512 | 881c6b491b4bbc348ee7590809dfd1d55654d04617e4ccc95708205a3a9b6f965e36553ac052e982c402f8936bc3a26d040385c5dfacce5995b690b77a3d999d |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe
| MD5 | 96f43cbcb21ff619a1d03baff0e209af |
| SHA1 | 398efe83e05ff7dbbfb60a16b9f533c931cfa75a |
| SHA256 | 9756e7ad8e81a4eea95b0f10a5cf83b0bcda2c1d97e36c74c8f2fced67a5588e |
| SHA512 | e7379ccf7a853a51f318040138156d4e1bc43172ad699661627001039191b45051a4f921c4cfff21d8f2462156b6c9745088d87adbf382e841bb8b2e08fe3fb2 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3GW768vE.exe
| MD5 | 96f43cbcb21ff619a1d03baff0e209af |
| SHA1 | 398efe83e05ff7dbbfb60a16b9f533c931cfa75a |
| SHA256 | 9756e7ad8e81a4eea95b0f10a5cf83b0bcda2c1d97e36c74c8f2fced67a5588e |
| SHA512 | e7379ccf7a853a51f318040138156d4e1bc43172ad699661627001039191b45051a4f921c4cfff21d8f2462156b6c9745088d87adbf382e841bb8b2e08fe3fb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe
| MD5 | f790321c1cc9a2bcf13265f6159675b9 |
| SHA1 | 21a36b57c4e69d7792a36f6fc4e8bedb7622d181 |
| SHA256 | 1af4f49893fe5fbc0db885b1f5833b4c9c5eb5b05c5e58d29a8cf056fdf02eb1 |
| SHA512 | ea736bc9f89633051f0c848924f676118a00fefd1cb64dbd6c7ae7971d09fcc6c0855a263413b3e626c2a52608d45d5b24e6d0538172d7bc3483308d8b113d57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4sG9Kd3.exe
| MD5 | f790321c1cc9a2bcf13265f6159675b9 |
| SHA1 | 21a36b57c4e69d7792a36f6fc4e8bedb7622d181 |
| SHA256 | 1af4f49893fe5fbc0db885b1f5833b4c9c5eb5b05c5e58d29a8cf056fdf02eb1 |
| SHA512 | ea736bc9f89633051f0c848924f676118a00fefd1cb64dbd6c7ae7971d09fcc6c0855a263413b3e626c2a52608d45d5b24e6d0538172d7bc3483308d8b113d57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
\??\pipe\LOCAL\crashpad_1776_OUQPBHPKAIJRLIBS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
\??\pipe\LOCAL\crashpad_3540_APWDHIUTCEBITYMJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
\??\pipe\LOCAL\crashpad_3752_MXMIAATJXDGBXBBE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_4384_AIHRNBPJWCHRHXKM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_4508_HYKOFZPTOJNLVKLP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cff1e303e392e09b87319984e480184c |
| SHA1 | 0be60c21f1b0c898f14a55fa0c00938d322dc869 |
| SHA256 | 1317496ac12b545f0643948e8b36249df232dab958c0c554745502d5ee1503fb |
| SHA512 | faf0684edff67cf8b347632fbe32891f399a6e78d6b9f8bc0bca5f838c7b085a2225044c96e98732c675e0b5f43a9c68ed6bc67b4f64998d343c4b51f5297a03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cdb0689f5a0ef70e0cf644c778a68741 |
| SHA1 | 81c76e51859066c3e31705942eb488e84b2314cb |
| SHA256 | 542d6134b07768faae6a1f3e75105ae96804c0ac55bd8c6197b2e5b3091880aa |
| SHA512 | 0af822e1e0fc4a73729def43e87a80e49a9e3e352bd10a6c4e88d907a5a493330b27f0936a888ec6342700c7df9fa69983be140872414768355c7f5b37232dc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 607cd4bdb0312313f4b44dd6d90b691b |
| SHA1 | 66853528c50779e5ee497113edeed8f60e7ce07d |
| SHA256 | b55114e7944d2e5a2edfdc94c66800e07d456ddd508b3ee21e0bcff47ffc16a9 |
| SHA512 | 556942598f8ea8240041f69c41373fb1ccc3ad56f999418472a021f58bbcd73da16dd5c57dc42aa88c9508dc5314531aa03c8ee81b576dae48fddfdffc79858b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cff1e303e392e09b87319984e480184c |
| SHA1 | 0be60c21f1b0c898f14a55fa0c00938d322dc869 |
| SHA256 | 1317496ac12b545f0643948e8b36249df232dab958c0c554745502d5ee1503fb |
| SHA512 | faf0684edff67cf8b347632fbe32891f399a6e78d6b9f8bc0bca5f838c7b085a2225044c96e98732c675e0b5f43a9c68ed6bc67b4f64998d343c4b51f5297a03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3de6586e-b1a9-45e3-8ef5-bfe1e320881c.tmp
| MD5 | 9d91204aaeca2950c90ebb1aa1f1faa3 |
| SHA1 | 1b27921758b5a4a5cbacf8621e26743f6210abd8 |
| SHA256 | 157e450e86d1858598231fd4e3bd16f80d4767d3242c3f4eb84e3ed7f5dcfa54 |
| SHA512 | 89bafee01d2b022ee5857353f0d7893011f674ed0d663f47fc544bed8d9c62a7fe321553247e6b1c4cf9ff153704ff8e1abe25e66b3f45a4054b290895f1ec19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 607cd4bdb0312313f4b44dd6d90b691b |
| SHA1 | 66853528c50779e5ee497113edeed8f60e7ce07d |
| SHA256 | b55114e7944d2e5a2edfdc94c66800e07d456ddd508b3ee21e0bcff47ffc16a9 |
| SHA512 | 556942598f8ea8240041f69c41373fb1ccc3ad56f999418472a021f58bbcd73da16dd5c57dc42aa88c9508dc5314531aa03c8ee81b576dae48fddfdffc79858b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cdb0689f5a0ef70e0cf644c778a68741 |
| SHA1 | 81c76e51859066c3e31705942eb488e84b2314cb |
| SHA256 | 542d6134b07768faae6a1f3e75105ae96804c0ac55bd8c6197b2e5b3091880aa |
| SHA512 | 0af822e1e0fc4a73729def43e87a80e49a9e3e352bd10a6c4e88d907a5a493330b27f0936a888ec6342700c7df9fa69983be140872414768355c7f5b37232dc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f267f802acd7c820ffdf86183aad8f27 |
| SHA1 | 161ea8d019d9f25b0fd63fdf5a7ff9c01c7aadfb |
| SHA256 | f30e2b69113995eefb67086e2b89e875bc977f676e286908d359b5a3bc48f3c8 |
| SHA512 | 60eb2a011dd3f6267381747907a0a52ff4d20dca81cd0a9b133b37c536ed0a96f909edd8b1ef3bd84dfa17867b6cf0a1b5ff700ecd38eb037bbd5ff5fee0a17d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f267f802acd7c820ffdf86183aad8f27 |
| SHA1 | 161ea8d019d9f25b0fd63fdf5a7ff9c01c7aadfb |
| SHA256 | f30e2b69113995eefb67086e2b89e875bc977f676e286908d359b5a3bc48f3c8 |
| SHA512 | 60eb2a011dd3f6267381747907a0a52ff4d20dca81cd0a9b133b37c536ed0a96f909edd8b1ef3bd84dfa17867b6cf0a1b5ff700ecd38eb037bbd5ff5fee0a17d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7ce170499a4d18aff505ced5eae1f82f |
| SHA1 | aad7cd862311f46917ae05c119938d1af84d4f93 |
| SHA256 | 41be457fedd27a97af6fa330819ee2c935537285b18376e3f12cb9908ef34b55 |
| SHA512 | 6d22d796bfd6ae37c05231c4e89a4ab4b51b9a416423d7818291fd3d81bea6d26dedfcf7b11652435d46862649cdd55763f65420cf0dbd67a59d203d8795d777 |
\??\pipe\LOCAL\crashpad_3480_XQRDXZNBBAVHGEHC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7ce170499a4d18aff505ced5eae1f82f |
| SHA1 | aad7cd862311f46917ae05c119938d1af84d4f93 |
| SHA256 | 41be457fedd27a97af6fa330819ee2c935537285b18376e3f12cb9908ef34b55 |
| SHA512 | 6d22d796bfd6ae37c05231c4e89a4ab4b51b9a416423d7818291fd3d81bea6d26dedfcf7b11652435d46862649cdd55763f65420cf0dbd67a59d203d8795d777 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6eaeb7a289ec57667818f12d596e6ca2 |
| SHA1 | 588d943eda35762bdb2678555f2f91e4b9de2611 |
| SHA256 | e0369f5f79c85ab4df453e3bf3483aab97deb348619a2ba719bd9e8d9a14bfcc |
| SHA512 | d03d22bbec0802dbe569e5f8c52f5da59ceb129ed9329a5e6b39c9e0753346b70b4499125a28585a4ecf2f3d270c66c3d2c0e9de12036fae64503ff51868cfba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c0172c5d-2020-40e9-bafb-a113129a8660.tmp
| MD5 | 85f10380a78d1d5d511a62a1a67d4381 |
| SHA1 | c732bef1d434253519c641a8f6f48fb722415abc |
| SHA256 | 81ccb5d7199987f4dcd6476338eae6089d7178f5bdc24f33c0f8e21341524385 |
| SHA512 | 874fcce3cc4625a4ae7b35125a93ab57cba6c6ea252bf23871e91e40db9a6cb6098950e53ac5c694df5a361962a9d6a88347e4a58781b8c517f46600671b1554 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a7e1475d-4bd7-46dc-a2f0-c77be58ea04b.tmp
| MD5 | f3696c200077e6e68dc49e502b404e16 |
| SHA1 | e08f989bca9f9f4f8e71aeb2602c81873f5a66f5 |
| SHA256 | 9e2b1996e71d3eb0550faa52c6726b6e8b9689873b4a2b467fa2f77f0fb955d5 |
| SHA512 | 397cd1de7fab7f189b3c58fb6867cab77494b373f2fbd0deb069139cc879eca04d0f15ab69f626e29d3f5b12b8ada23808e85fe0f8e0b6b9b07ad3ddbed8046b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9d91204aaeca2950c90ebb1aa1f1faa3 |
| SHA1 | 1b27921758b5a4a5cbacf8621e26743f6210abd8 |
| SHA256 | 157e450e86d1858598231fd4e3bd16f80d4767d3242c3f4eb84e3ed7f5dcfa54 |
| SHA512 | 89bafee01d2b022ee5857353f0d7893011f674ed0d663f47fc544bed8d9c62a7fe321553247e6b1c4cf9ff153704ff8e1abe25e66b3f45a4054b290895f1ec19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6eaeb7a289ec57667818f12d596e6ca2 |
| SHA1 | 588d943eda35762bdb2678555f2f91e4b9de2611 |
| SHA256 | e0369f5f79c85ab4df453e3bf3483aab97deb348619a2ba719bd9e8d9a14bfcc |
| SHA512 | d03d22bbec0802dbe569e5f8c52f5da59ceb129ed9329a5e6b39c9e0753346b70b4499125a28585a4ecf2f3d270c66c3d2c0e9de12036fae64503ff51868cfba |
memory/6712-258-0x0000000000400000-0x0000000000433000-memory.dmp
memory/6712-259-0x0000000000400000-0x0000000000433000-memory.dmp
memory/6712-260-0x0000000000400000-0x0000000000433000-memory.dmp
memory/6712-262-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0d7c9dae1c9d25ffdbb643c2578e1e56 |
| SHA1 | 04b8892684e1a4501d539ae99e456a3297b4dbb9 |
| SHA256 | 7c1735ee55c1f09a8d6bcce94c01c538d627d0b118374aa8e0c0c6a48d5dbfef |
| SHA512 | 4ea4f8a29439579e752648e73c2f634a076eb0faf0cce736ae3759611d13a3887b5380ebbd41dc581bf60b25a7706232ebfa61d40c5f65c8118fb4e97a57a33d |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5gH38YZ.exe
| MD5 | fbc6d505bc02bc28d6fcd297f4b0cb46 |
| SHA1 | a41685f43afbe5e70bdebab0e11f33163ccab625 |
| SHA256 | 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e |
| SHA512 | c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1fe4939fe8003b5c7086b4c79568d9e4 |
| SHA1 | 52e5b2ad786510101d3779e7a881a21abf2edfa8 |
| SHA256 | c4caf4e4e6ecc4270a54336c31a8a0539ec073094253a067c8e4d8b720342788 |
| SHA512 | 4f5cec168b226e7202a82683a009f25d23537407024eb14664a8e426e0b5249ba39419f56b4a638fedffd2dae3ea03e632eed2588e320918ac0e9cad061ef939 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2062447d-6f4b-464e-9b8b-1125176fdb08.tmp
| MD5 | 1fe4939fe8003b5c7086b4c79568d9e4 |
| SHA1 | 52e5b2ad786510101d3779e7a881a21abf2edfa8 |
| SHA256 | c4caf4e4e6ecc4270a54336c31a8a0539ec073094253a067c8e4d8b720342788 |
| SHA512 | 4f5cec168b226e7202a82683a009f25d23537407024eb14664a8e426e0b5249ba39419f56b4a638fedffd2dae3ea03e632eed2588e320918ac0e9cad061ef939 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bbb1d2e0ad695de296fc94d935f0a786 |
| SHA1 | 37922ead203e5896950c9071e50dc6b4e827f173 |
| SHA256 | 795aa6d8032de370b5b3a158f40ca574779a893d1625ae3052fe32c4a11e9e7b |
| SHA512 | f5bad330f72b7ab08d388631160e1ca258067f4439783148d4226e6c01736c2357e76731da0496f77bedac3b5db4c44b817d3afa396e3e1b68393b6c7cb3744e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 89fb12c7a319e66287ced6a0b265e962 |
| SHA1 | bb2c7f214ece073a07106332599e5acd07cb7617 |
| SHA256 | ecdbd2ae2c1b5459b851dda6ad12719f10722deef6c118f99fd151fc2f6939f2 |
| SHA512 | 668c93868e8f6b5e1379d116468dd6dd46c416da2578d560353281169ea85035ce6f7ecc29880628bb7c8e97eb0d31f135e53b46da585bb79b2467b6b1277ddb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e430e0812e6bbb077b32a2f6c149f3d3 |
| SHA1 | 00a5558ae62190e9bae5abfadffcfa3cfe59192a |
| SHA256 | 2f57e056e3d6a35c612cf702279975047d1fca14be61202e88a4ec37863ca882 |
| SHA512 | 89eceaf19e36f0e6f1c766d58a61ce5616ae75d1fa5f7aeaa71383783a44d7749a00a90fc0778fcd95831236997c4eddb308b0750910a8078c601d01b64e3e2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | afbec2909826357ce27c96397dd9dd72 |
| SHA1 | eb656417d2cb964578df6e7caef391b8b1daff28 |
| SHA256 | 851b0292f6c86751f1813b81752abda0e914ac955dc65ae9143b682d13eba564 |
| SHA512 | 9c8ea6b87a0f6902e92fb8e59c335042447412177045d753f055eff2a55787afca6c0269ee79a9501fccc94fabc9214bfb29149448240d5ec5914f908a73cb92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 321208afa4da8c6c3b1c72ff2f9ebd65 |
| SHA1 | 331802ffa09f6e0b9acdc853d32f1bc954f6842e |
| SHA256 | 93a91cf49f419fadabacbde94c1840d1f29d5457c6ab4a97395154f5737360b4 |
| SHA512 | f3b4bbb5ff8c576dcb5e3b98f931a35c92961be0596bab1f198f71e2c7a42ddfea9b7077b4e80b7ec1993954f63d1644f52737a0c1bd0bd57b568b0fedfb3b53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | e2565e589c9c038c551766400aefc665 |
| SHA1 | 77893bb0d295c2737e31a3f539572367c946ab27 |
| SHA256 | 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80 |
| SHA512 | 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d |
memory/2164-634-0x0000000000400000-0x000000000043C000-memory.dmp
memory/2164-649-0x0000000074A30000-0x00000000751E0000-memory.dmp
memory/2164-651-0x0000000007260000-0x0000000007804000-memory.dmp
memory/2164-652-0x0000000006DB0000-0x0000000006E42000-memory.dmp
memory/2164-704-0x0000000006F40000-0x0000000006F50000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/7708-744-0x0000000000400000-0x0000000000488000-memory.dmp
memory/7708-745-0x0000000000400000-0x0000000000488000-memory.dmp
memory/7708-754-0x0000000000400000-0x0000000000488000-memory.dmp
memory/7708-757-0x0000000000400000-0x0000000000488000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/2164-781-0x0000000074A30000-0x00000000751E0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 25734e2d45f73cd3141b5085f1576e89 |
| SHA1 | 775149f0a0e73464145e4c5f343af77be8b3d840 |
| SHA256 | d4b894446927f255c1e5e971e0a39aa48a80b917e5d5a7a8fed73e1f7649185a |
| SHA512 | 7180ae576754861eba117ba36dc3c02beb580114a66e2fc6aad4c6f3a389cc25f234a7bcda5b0c562368ad4dfd95e9ad9192aba09e24848ebf399e2900d3850c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 2be63909a95f84c869fff0a633a854fa |
| SHA1 | cfd14a0a3e5d4fd59732a469c5989793d830a80b |
| SHA256 | 5ddf5a9ee9cf61f90eb9a7ac15d482ef8fd51201fb7ec9001ed21d2396830da6 |
| SHA512 | 33dc199bf475bf4e6e130cad37cfc1c5becb41da963d2594e100af27976e06a7805fa8dde402c28d954db752b2920e173cf8b944a67c819f0144b83f7cf4f860 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58fa3a.TMP
| MD5 | cedc5c3f90627b02a27da650da3ed5e4 |
| SHA1 | 336bbbb4789513b34a37d13e792b33774975194e |
| SHA256 | 7c2d2611b7db06160398a81cb5d5521be5eeabf53feb8d33cc4c4f5458d18bb0 |
| SHA512 | 2ec65df3d0e748df11f0abbbe8e998fb825cddc01db8f7ed6775785fd7f9261f36ed169605d6762d73d83a9d0e1e0ccbd702c23ac92e378732a13d74b6fe87ff |
memory/2164-789-0x0000000006F40000-0x0000000006F50000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f84592a6109e37368c9fa29c493e7485 |
| SHA1 | 6df1383b2d2ba6520a1cc14c0ca85622a3e5cf8a |
| SHA256 | 0aef8a038d2678bff2423015f85dd274354621506f5f87aa22a3f9506bde83a2 |
| SHA512 | e2134e37f60664381f6f9b825b650b09344ce4c052d9cba9f15aa441126656c26bb1262e80be2427a50ae929068d444ee438e5ab8c01db46f0b488453d253746 |
memory/2164-822-0x0000000006FB0000-0x0000000006FBA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2973e9b868a2b75194fbf80eec74ad03 |
| SHA1 | 10773f35f2fb18fe6887a0b9ef51d2a39b8617bb |
| SHA256 | bdb904f62015686c045f6e22491dba833c6d7ed1334268a6894815398f55149a |
| SHA512 | ba72b6de6fd90295bb0656177f6070f5c5914d6d3671c8d9490c468056f83cba7433fa92d38d6c2761f642c7c122105f9f6a87269ab7231ce21c4d77d15a0a48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1f52f64637c2afba9b9a933742e2e9ca |
| SHA1 | 1b72328235a593094a2d9bc180187918456f1913 |
| SHA256 | 4caffd17595415142408b3e681f26f840b92632d0c0048aa16cbdeac755b5946 |
| SHA512 | 853b4e60356b00d7b30481e5904b12703d5975a73f22ed591c2aa6e88889a50dd3b41a9fa80aeea296c449cf90343e66b2e6f5e26047f139f23283037a761843 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5939c3.TMP
| MD5 | 558853f3a9903dc3f97d944b75b3fc52 |
| SHA1 | c9ddb98e0bde4d4fe40664f1f78c040ee4f9eacb |
| SHA256 | ce83c4374cbf6b3db5bd2611f204647453561a0384719582bd24575ea10d1dd1 |
| SHA512 | d0d0e2d864bd53b3a986bb88e1a9369abf88b407a21def9d3e9121baad1252db7688e7ae79cb82f56566da9f5ac069f33ccb497a29561fbe20d4d0fc7b7dafd2 |
memory/2164-1005-0x0000000007E30000-0x0000000008448000-memory.dmp
memory/2164-1014-0x0000000007990000-0x0000000007A9A000-memory.dmp
memory/2164-1015-0x00000000078C0000-0x00000000078D2000-memory.dmp
memory/2164-1016-0x0000000007920000-0x000000000795C000-memory.dmp
memory/2164-1017-0x0000000007AA0000-0x0000000007AEC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d0d734f0ec7b38d71246078f61bed70c |
| SHA1 | 5fa2fde4dac87f0ee15d89d1e057803dc76a2bd8 |
| SHA256 | 5f5a2de17a91d1a396b87ec82fb0f2889a1146e1bfa59a63ec648387c128dcea |
| SHA512 | ca9c8e0b4d7ac0a6abc335c05f6688869b767f82fa0fc90efe9d7c2de24e29be8c127ae6d11950967e416edd8f1f90d9e833e7f8c0a0b18426729fcaaf6b37f5 |