Analysis Overview
SHA256
d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c
Threat Level: Known bad
The file d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c was found to be: Known bad.
Malicious Activity Summary
RedLine
Mystic
RedLine payload
Detect Mystic stealer payload
Executes dropped EXE
Adds Run key to start application
AutoIT Executable
Suspicious use of SetThreadContext
Program crash
Enumerates physical storage devices
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 08:14
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 08:14
Reported
2023-11-11 08:17
Platform
win10v2004-20231020-en
Max time kernel
173s
Max time network
182s
Command Line
Signatures
Detect Mystic stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Mystic
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yB5Fv83.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ut82dv2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2QQ4825.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3vk53WU.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yB5Fv83.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 456 set thread context of 6652 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2QQ4825.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 7256 set thread context of 6908 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3vk53WU.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c.exe
"C:\Users\Admin\AppData\Local\Temp\d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yB5Fv83.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yB5Fv83.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ut82dv2.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ut82dv2.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9e3c146f8,0x7ff9e3c14708,0x7ff9e3c14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x84,0x16c,0x7ff9e3c146f8,0x7ff9e3c14708,0x7ff9e3c14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x7ff9e3c146f8,0x7ff9e3c14708,0x7ff9e3c14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ff9e3c146f8,0x7ff9e3c14708,0x7ff9e3c14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9e3c146f8,0x7ff9e3c14708,0x7ff9e3c14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9e3c146f8,0x7ff9e3c14708,0x7ff9e3c14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x104,0x16c,0x7ff9e3c146f8,0x7ff9e3c14708,0x7ff9e3c14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9e3c146f8,0x7ff9e3c14708,0x7ff9e3c14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9e3c146f8,0x7ff9e3c14708,0x7ff9e3c14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9e3c146f8,0x7ff9e3c14708,0x7ff9e3c14718
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2QQ4825.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2QQ4825.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,9250828237459659691,8986830981335472426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,574395811102572316,16646872675021861754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,7997532649494451419,13296736467447579809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,7997532649494451419,13296736467447579809,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,2513041673322277764,17452865973261555501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3590639139896576570,41691658058352967,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,574395811102572316,16646872675021861754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2513041673322277764,17452865973261555501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,16056495493151436210,2095130272086934857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16056495493151436210,2095130272086934857,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,9250828237459659691,8986830981335472426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3590639139896576570,41691658058352967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17599906978895304382,10869364863109402911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17599906978895304382,10869364863109402911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9033398483954610602,9347058040041079774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9033398483954610602,9347058040041079774,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17163823654454026956,15296719139222528212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17163823654454026956,15296719139222528212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3vk53WU.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3vk53WU.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9324 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6652 -ip 6652
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 540
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 540
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,17943626631189648219,13854824547124936815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6280 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.1.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 3.221.61.110:443 | www.epicgames.com | tcp |
| US | 3.221.61.110:443 | www.epicgames.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| US | 104.244.42.1:443 | twitter.com | tcp |
| US | 104.244.42.1:443 | twitter.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.61.221.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.49.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.145.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.39.65.18.in-addr.arpa | udp |
| US | 52.111.229.43:443 | tcp | |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 192.229.233.50:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| NL | 199.232.148.158:443 | video.twimg.com | tcp |
| US | 104.244.42.69:443 | t.co | tcp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.233.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.148.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| DE | 172.217.23.214:443 | i.ytimg.com | tcp |
| NL | 23.72.252.176:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.176:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.176:443 | store.akamai.steamstatic.com | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| NL | 23.72.252.169:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.169:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.169:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 54.205.234.65:443 | tracking.epicgames.com | tcp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | 105.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.234.205.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| NL | 199.232.148.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.148.232.199.in-addr.arpa | udp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 138.175.53.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| US | 157.240.5.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | 35.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | 1.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| NL | 172.217.168.227:443 | www.recaptcha.net | tcp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | 227.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 34.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| NL | 23.222.49.98:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | rr5---sn-q4flrn7r.googlevideo.com | udp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 106.165.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 157.240.5.35:443 | fbcdn.net | tcp |
| NL | 23.72.252.169:443 | community.akamai.steamstatic.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yB5Fv83.exe
| MD5 | fcf8022067d1ee859990454bb5099035 |
| SHA1 | 3786227b187306577356c060e0025be61b992c34 |
| SHA256 | 1645ca63edcce554088c600de12e16a7cdee400e9f725fb00f143f922d5a6a3e |
| SHA512 | 78d06eb154395b5d2d9ce9f38a320b914647665d7e8634f63d35104e556c3b2834df45db47948e1ece47584c20c8c95033633fd5a97e43f219e69fb898d8bfdb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yB5Fv83.exe
| MD5 | fcf8022067d1ee859990454bb5099035 |
| SHA1 | 3786227b187306577356c060e0025be61b992c34 |
| SHA256 | 1645ca63edcce554088c600de12e16a7cdee400e9f725fb00f143f922d5a6a3e |
| SHA512 | 78d06eb154395b5d2d9ce9f38a320b914647665d7e8634f63d35104e556c3b2834df45db47948e1ece47584c20c8c95033633fd5a97e43f219e69fb898d8bfdb |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ut82dv2.exe
| MD5 | 33738a48b47af307d335976f213c0da7 |
| SHA1 | 2a58d7fa08802901a43f5fa550b5a5336366b312 |
| SHA256 | 4c375e582cd54ed9833a6f4fe359d1aceeac9baf145a7283f4d4f8591a7ab937 |
| SHA512 | 2aec57f80719c49614333af3d74e33617330f37a2c23b417c998ebca718d201cb4cc33fdec2b2316815b3c8a202b42375ba4acb3581d0896927dbf21df2a6562 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ut82dv2.exe
| MD5 | 33738a48b47af307d335976f213c0da7 |
| SHA1 | 2a58d7fa08802901a43f5fa550b5a5336366b312 |
| SHA256 | 4c375e582cd54ed9833a6f4fe359d1aceeac9baf145a7283f4d4f8591a7ab937 |
| SHA512 | 2aec57f80719c49614333af3d74e33617330f37a2c23b417c998ebca718d201cb4cc33fdec2b2316815b3c8a202b42375ba4acb3581d0896927dbf21df2a6562 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 16e56f576d6ace85337e8c07ec00c0bf |
| SHA1 | 5c9579bb4975c93a69d1336eed5f05013dc35b9c |
| SHA256 | 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5 |
| SHA512 | 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 16e56f576d6ace85337e8c07ec00c0bf |
| SHA1 | 5c9579bb4975c93a69d1336eed5f05013dc35b9c |
| SHA256 | 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5 |
| SHA512 | 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 16e56f576d6ace85337e8c07ec00c0bf |
| SHA1 | 5c9579bb4975c93a69d1336eed5f05013dc35b9c |
| SHA256 | 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5 |
| SHA512 | 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 16e56f576d6ace85337e8c07ec00c0bf |
| SHA1 | 5c9579bb4975c93a69d1336eed5f05013dc35b9c |
| SHA256 | 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5 |
| SHA512 | 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 16e56f576d6ace85337e8c07ec00c0bf |
| SHA1 | 5c9579bb4975c93a69d1336eed5f05013dc35b9c |
| SHA256 | 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5 |
| SHA512 | 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 16e56f576d6ace85337e8c07ec00c0bf |
| SHA1 | 5c9579bb4975c93a69d1336eed5f05013dc35b9c |
| SHA256 | 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5 |
| SHA512 | 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 16e56f576d6ace85337e8c07ec00c0bf |
| SHA1 | 5c9579bb4975c93a69d1336eed5f05013dc35b9c |
| SHA256 | 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5 |
| SHA512 | 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 16e56f576d6ace85337e8c07ec00c0bf |
| SHA1 | 5c9579bb4975c93a69d1336eed5f05013dc35b9c |
| SHA256 | 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5 |
| SHA512 | 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 16e56f576d6ace85337e8c07ec00c0bf |
| SHA1 | 5c9579bb4975c93a69d1336eed5f05013dc35b9c |
| SHA256 | 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5 |
| SHA512 | 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2QQ4825.exe
| MD5 | a1e1e45e9f26473d0460734ad6faa9a7 |
| SHA1 | 759f311b8770981148ff92c273cde741590995f9 |
| SHA256 | bd849c0a1ab11cf47e2d955f75369fac17d7df393ea2d85724c35a8a3f6bdc89 |
| SHA512 | eed38e8ba019860fcd41811aa80033fc0f3ef780fb2415189989e28c0ea0d7f5b19171d525248fc8c4eda891bb7a1cfdfdae1254d790bd66470a3d86fae3b687 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2QQ4825.exe
| MD5 | a1e1e45e9f26473d0460734ad6faa9a7 |
| SHA1 | 759f311b8770981148ff92c273cde741590995f9 |
| SHA256 | bd849c0a1ab11cf47e2d955f75369fac17d7df393ea2d85724c35a8a3f6bdc89 |
| SHA512 | eed38e8ba019860fcd41811aa80033fc0f3ef780fb2415189989e28c0ea0d7f5b19171d525248fc8c4eda891bb7a1cfdfdae1254d790bd66470a3d86fae3b687 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
\??\pipe\LOCAL\crashpad_1192_RZNLWNZBYDMLMUWX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
\??\pipe\LOCAL\crashpad_3768_LPXMXXYFSUVNDDGJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_3536_UYPIOVZHMXCUMNBM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_4412_YBXNETVJBIJSCCNF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_5080_NGNVJFAOJNKDVJLN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1836_PAQAAXPPPDAZEDGO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_5020_ELNIOURLKEDNGLIW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
\??\pipe\LOCAL\crashpad_3884_XZDUCYLHGHVQKRKC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1512_DJLITVVHHJVZEDVH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1116_MHEWMYQIZTJTMFGX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\61439df1-9bf9-4bbe-bfbb-14f2ff3ca77c.tmp
| MD5 | f7797d2e2255ac38bf4395dd0b48ca56 |
| SHA1 | 526b70e1c75e100c084f3c1639954c343db8fa85 |
| SHA256 | c3544fe2b3280e38a20a5ff5bbcf3d60e58731a03c362c7bb5b7e058280d92db |
| SHA512 | 5158bc40b08fefe033925010261d4111bec47ae3bffdcf04e2d43449c4a36ab6b8983f24220cd200e29f603a19e1eaadbd3301f892830af8d2ca76b9f6ee37f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 04ef0152a49f481f31531a7255583e29 |
| SHA1 | edbacb181bb4ff56900826d8138ddcfcd449bc7b |
| SHA256 | 9096c55f0e63e27b9443c47eb6cedccab0f723c12f5d7e712a7210a7728d6b35 |
| SHA512 | e011b342e807438072958cb77d086ee0e21e35cd34210ce164bdb867ba86bacbfb09f7bed39ab075acde41aafc1f56621696fe441ba0a17912dc9a502a7c5ed4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\142279fa-56dc-4aaa-ae6c-82768c40e5d5.tmp
| MD5 | 929756ff6498c1ae12f739d683f30640 |
| SHA1 | 3e81b02591e33a9eb865b2a3169e281099c78e85 |
| SHA256 | 68f4f260afa1d22909cfea8a8b301d78ce515496e453dfa805f31cdbcccc8150 |
| SHA512 | ed254e5c81ba806ac0c87dba9ecc04604507b783bfc85537ccee056b2d61f2a8bd730e0c6c924a88371fd658421e4cb215300cfbe0e9aae8b36a41a3c6ce9796 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5f2229641e1c338a6ad72160e8e987d6 |
| SHA1 | c48ec16f6c876487ab8393a5fecf46dbf9de4f7d |
| SHA256 | 92fc5af39710aebf318a9048cee06a6ffbfda4d3910efb5047dcd7a1f951099b |
| SHA512 | d6ddba60b2275fc04725670ffb6a5ad03121f4efaba9d1a851159d981f5c6165f1f88d5d66cc4d576f560336783c1dc15d9b17c1bd4e892a24c0323e3b3f09ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7d3c96fc-5f6f-475d-b9fe-6c3ce91d2990.tmp
| MD5 | e0bac179a0917fede48429108a6109e1 |
| SHA1 | da10d6e4b97d3bedcfc43311f3b550c43c71fa18 |
| SHA256 | b1df8ef71d66979ce646c9bf548a76291cd526ea67d8d14061aac3b3f85975a5 |
| SHA512 | ae65eaf5d22a10e0722a1e00d141bfce3f5cc8900539c95c0565d1adf295b6a6859b326e03dbcd640b108cc051929b1beb5ec887d3f8e39470cbd515c5ae9076 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e5979b3f-b6da-4c63-9612-081a235ef878.tmp
| MD5 | 5f2229641e1c338a6ad72160e8e987d6 |
| SHA1 | c48ec16f6c876487ab8393a5fecf46dbf9de4f7d |
| SHA256 | 92fc5af39710aebf318a9048cee06a6ffbfda4d3910efb5047dcd7a1f951099b |
| SHA512 | d6ddba60b2275fc04725670ffb6a5ad03121f4efaba9d1a851159d981f5c6165f1f88d5d66cc4d576f560336783c1dc15d9b17c1bd4e892a24c0323e3b3f09ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\264e56e2-bd7b-4b93-8c5d-67e8f129e260.tmp
| MD5 | 671e848b1c82906e835b15b6e4c13ccc |
| SHA1 | 261a6ffbaae97ef1be7dc2d9682fe4bef4514316 |
| SHA256 | 70594b3c05042cc0466dfe9fff09131a35e4d08872c5141544cd2afb6308ac32 |
| SHA512 | 1300c7213fd467ee212b0e9fb913320e9d54d42041b251a52b34ffb7af40c481c2dd54cb488dfccb375baadd51bc6f2bbced25848ebe88a60c0b7874d4a9b70a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\dc48c9a8-02ae-4fa9-b44e-de22ebabb444.tmp
| MD5 | 3c9443bb3d681edec2b4b36aac310196 |
| SHA1 | e9407d7080e1b3f86ce06bee16d349a78fe4f7ab |
| SHA256 | 637ddd1927e522095046a99aba6cc78abc7dcccea217a617b8b39741d3181d04 |
| SHA512 | 12c7c37317ef38503c6df7b0427d9d32a1dd62d325f8de890de87e7b0f0bb85147f44eb48b5adc038b72bd1f39b0eaae3867ea3c015bef48babf39e7d8ebb239 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\14c0f489-6143-4365-bf71-c5086da2808c.tmp
| MD5 | 87a8974282e84e84f43d8b5d82e08b72 |
| SHA1 | 4184784f0ab254a05318297406a50f3783bcf564 |
| SHA256 | 805487e7cd4dbc0b46ae77336865d9618030b46669deb14b0284a88ec5294056 |
| SHA512 | 6ed90cdbd34a9503ad21d95cec4ec2603225dba47f0b4288dc83cadf843d8f6a585e27dc087cfa23f929d347a596bacdf01b2565063523341827ec98f8d12fe0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\308f32bf-5cad-4502-9598-95e7606cc549.tmp
| MD5 | c2644025f685df09ddfd3f506cce2e68 |
| SHA1 | f1b4edf65c0b5f6ab330721059c556b3d6af8e92 |
| SHA256 | 45e665e1b30229f9b012a7aecf1ed8ffb8109637c852a55e41e14f73ec203eaa |
| SHA512 | b56d6e0d0f58f6aed8eeddb0e79c487bedfb56c7bbe7b73e6f3fb8bc07c21caffd9f6109a3e980953279799aaa0e234e7f52e6af7f0259c61d4e711f04e6a156 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f7797d2e2255ac38bf4395dd0b48ca56 |
| SHA1 | 526b70e1c75e100c084f3c1639954c343db8fa85 |
| SHA256 | c3544fe2b3280e38a20a5ff5bbcf3d60e58731a03c362c7bb5b7e058280d92db |
| SHA512 | 5158bc40b08fefe033925010261d4111bec47ae3bffdcf04e2d43449c4a36ab6b8983f24220cd200e29f603a19e1eaadbd3301f892830af8d2ca76b9f6ee37f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\33729e3a-900e-477e-baa2-545fec1d85f4.tmp
| MD5 | 04ef0152a49f481f31531a7255583e29 |
| SHA1 | edbacb181bb4ff56900826d8138ddcfcd449bc7b |
| SHA256 | 9096c55f0e63e27b9443c47eb6cedccab0f723c12f5d7e712a7210a7728d6b35 |
| SHA512 | e011b342e807438072958cb77d086ee0e21e35cd34210ce164bdb867ba86bacbfb09f7bed39ab075acde41aafc1f56621696fe441ba0a17912dc9a502a7c5ed4 |
memory/6652-299-0x0000000000400000-0x0000000000433000-memory.dmp
memory/6652-306-0x0000000000400000-0x0000000000433000-memory.dmp
memory/6652-308-0x0000000000400000-0x0000000000433000-memory.dmp
memory/6652-310-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3vk53WU.exe
| MD5 | fbc6d505bc02bc28d6fcd297f4b0cb46 |
| SHA1 | a41685f43afbe5e70bdebab0e11f33163ccab625 |
| SHA256 | 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e |
| SHA512 | c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 42e61574246e0859ad9cb93c63035e40 |
| SHA1 | d51ae2a1ab80cdac2335f005fee4f2dd1529d8c1 |
| SHA256 | 512f3eca903117c1208430ae5af36ba1b4b00688f9630e2dc0c0f5a82b3906b9 |
| SHA512 | a8ce8e2362ef70ee25e558f2432495a6cc430a32a1e7b9dad01b84950f63fc378299d8fd068c333437548947e305200ef6ccba0cf582c62963fe50625d9ce7a2 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3vk53WU.exe
| MD5 | fbc6d505bc02bc28d6fcd297f4b0cb46 |
| SHA1 | a41685f43afbe5e70bdebab0e11f33163ccab625 |
| SHA256 | 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e |
| SHA512 | c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 87a8974282e84e84f43d8b5d82e08b72 |
| SHA1 | 4184784f0ab254a05318297406a50f3783bcf564 |
| SHA256 | 805487e7cd4dbc0b46ae77336865d9618030b46669deb14b0284a88ec5294056 |
| SHA512 | 6ed90cdbd34a9503ad21d95cec4ec2603225dba47f0b4288dc83cadf843d8f6a585e27dc087cfa23f929d347a596bacdf01b2565063523341827ec98f8d12fe0 |
memory/6908-336-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4da5789b-188a-4a21-9232-c77c5c0332f7.tmp
| MD5 | 5a1d2f540e0c091e002cc3d2bfbffc40 |
| SHA1 | 1a8a93e166bf67e28f257df21841b24b7a8bd103 |
| SHA256 | 76f0735a571fdc3663a733c0662c76c1933758065380b7a3e1045a6b5fa3742e |
| SHA512 | 2f3451bf1549aea902ebfa8bdabb9f0877b0dd20c84e5f9a8d444b349ca4b8b6b6d99dfca7fd3ab8ead48b2c29d28ac73e04dd5f3430dc92108e43d8696fd2fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cc84667228280af490c9fdead7234e94 |
| SHA1 | 70e8aeb16b52ecb29ca0785805db7397f23c379f |
| SHA256 | 9631b9d1e4899120baa82627536b081125735f6f0b9f5c8a6e505a8e7fb1549e |
| SHA512 | 212f532694f52ea6c9fa2816a38b60b2a89b44b6449e84fb97851d4b77090dd993f3d69c84c84267090facebcef53d92acf9b218c99c9a24232b976057119b7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b9574ecbe16ea2f29baa0f94b550eeed |
| SHA1 | b41ddb09193b33e6f1ac2706ab6424e2a170600a |
| SHA256 | 0fa9524b1ccd5fd414a5f587f515cf164cea12e51f1300151915e04e79dfd110 |
| SHA512 | d53c873f8e29064aba79e094eee9ddc7b041e9f56870ca32d2cf16e6ca587e357a72694c5f8a045737b07821e1ece3236186bf706edbe6a24595f1c4edc4cca7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | fd20981c7184673929dfcab50885629b |
| SHA1 | 14c2437aad662b119689008273844bac535f946c |
| SHA256 | 28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22 |
| SHA512 | b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5409fc54f0d62e97110db624933fb6d9 |
| SHA1 | fce63b59105a28b6e90b6e1b551922f4155e196f |
| SHA256 | be958d6496be0453729d181972cf1cecd9f88d037f39b2c747b9144f1e87a754 |
| SHA512 | a442fa954a6e2ed21c71f53509c7a38622a1c4588ed8ad5d6e1b8a092955cd006b45a5622da26aadf8666807c751f154b985e643bffb28f29797974b2c0395dd |
memory/6908-646-0x0000000073E90000-0x0000000074640000-memory.dmp
memory/6908-672-0x0000000007DE0000-0x0000000008384000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | fdbf5bcfbb02e2894a519454c232d32f |
| SHA1 | 5e225710e9560458ac032ab80e24d0f3cb81b87a |
| SHA256 | d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c |
| SHA512 | 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916 |
memory/6908-718-0x0000000007930000-0x00000000079C2000-memory.dmp
memory/6908-725-0x0000000073E90000-0x0000000074640000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 61f48a62ea609b78b713b4f659a102a0 |
| SHA1 | fa07b36da326069ef34e28b9b8c0a4978f0e8980 |
| SHA256 | 9ed9a084010d0dd7dd618954775ba38219176e3a236d812f320f3b56fc7341fd |
| SHA512 | ecd3ab220c220dbceacc483a19e7251ce6401b1a5e89dc0a789c48f134b20a819b9eae91c88b6b4f3d1f1102668a67a9059bd3029cda4fee54e8ce113f68faca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1860b5978c33a0c6aa1ba981a3b1a856 |
| SHA1 | db630e471f1cd1553903e4f5bd9513f9f10477f8 |
| SHA256 | 77a545e9992743bb9b601912640833d36db5fbbf2c87339ab0bed15dc704d150 |
| SHA512 | 3c7840d73b2321e25c1f90d2fc5337c6a0d0c759eb719d30da6c21e68f806bdae289738f5b032c20d51ad91af592137c04232536a30e14057e51e3c3b25fdc67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59906f.TMP
| MD5 | d131738923fbb0983d1b397258d3e070 |
| SHA1 | 8353dafe785075dce819d9f2d0032b2d7f66e195 |
| SHA256 | 9035d248b0d085d7515a9b12a3602ae81240664133eb0fdf80620ed62dc302d8 |
| SHA512 | 9af5421c1f3d7f24981203f3ed5d25cb73e4e0bbcf32c480ab4ba54f99d3aeab4b0fa48ef3a167e0c2b6c7da0d1b87e863c9f8bdc38601c6f023b9d2d1f052bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c6af806f058f3d279d30a319dce553d0 |
| SHA1 | 032627ed538c26659fc39509143df0ab89103a01 |
| SHA256 | b771c3aa32f3e73e1788c15a4f57faf508e9e12f514822170ff07dfaf437984c |
| SHA512 | 79b8ff1408b5e2c77231f3fe9bac288fbf73f88ba456cc0877abb7bd77f9ef5c2064b5246a6904148fb070dbb6c302b960284d249f41f5a299a015477063bddd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5831c82b29761c59b1b94b85c2c3eeb2 |
| SHA1 | 140b7ba1355ce47153feb85cc51277da622bf8e3 |
| SHA256 | ae437acb2314a597e4675b88ce2c5f3b229c0aca5ce04e492662039e356cce15 |
| SHA512 | 3d6505f38a4767b6ccc7ad034810ba4a1a6e23e5456f5720eee4d9c3da9797f71db1dfed20b5766d99260bfb8ba3c3673d65c0895996c075ce2fb918787cb3e7 |
memory/6908-877-0x0000000007D00000-0x0000000007D10000-memory.dmp
memory/6908-878-0x0000000007C80000-0x0000000007C8A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1ba99e8ada9363426fce8c643cf03041 |
| SHA1 | 46e4909a1bc5a2a615de11cb6786ba868095d6c6 |
| SHA256 | 3b530a042f78dd57342a5363a6f39305da4f718b5b5e66104adbb92bb18a3c8d |
| SHA512 | cf17fb221d083079b1c11d9c588eb375aa7941424ca31379270e39a10876a7bf76b2c0196b04f72fb13d55d84b6fccbc304ea3c08a2e10cadab89806adb0a997 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d5720a7977e068b88fc262e2361d8a49 |
| SHA1 | e2f532c567bc9180361c59a91ae7b4274b0b7132 |
| SHA256 | 407630758fe1a0b61861d7bba011b241b9c12921e88749e47bdbcc05ae0714e6 |
| SHA512 | 71070dd38b7c004355356e7dd2901cde9cf499689b28173a816cfb9292df880c588bbcbe6c05d2add9a26e0be4c1ee8fe47210e3f3e5b15e9e326c8136a2ccc3 |
memory/6908-926-0x0000000007D00000-0x0000000007D10000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c8e062d9befc6aabbf522fa6ad92be2d |
| SHA1 | 6bfb79e6742cb79a5047bb0602ad8795088c0e29 |
| SHA256 | 83c4da3dc835ca2bef62c88a4110b67f290b054612e65e1c2db2824827cbc90e |
| SHA512 | 3153f038e8abcb4bbe10c2b2d2428ba3efe8db345c8ceb161160989a7a882710111d9a61a11abc1812f6dcb35e3e7bf224c2ef253c998404830f6092c7ea77ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | cf364ba06c281fac06e2fd8ba6dc4a8d |
| SHA1 | 3b817d0f22a4bef9e831c9088f5004246e87dbd2 |
| SHA256 | 175355e1d1dd6791c6300e7a8d9b87937c5af5680ce01ec345f016925ed10ca9 |
| SHA512 | 91c70293ba5a664cfde95f8fb8157845cbe20e39d0c1bf1f874652e077dc26788941e5473c123a3a4052b45cce937e0714849197cea3abbee3b00c2d759747a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a30e5.TMP
| MD5 | 614f3e2674ef1786bec8a047acecb3a4 |
| SHA1 | cfb0ac33f71597d5744d49e8257b8280e86a0e65 |
| SHA256 | 28993dcc13348543fbfd177b78d11069717f7b5918b817d5a3d0babb218a48fa |
| SHA512 | 7947088eda548706a9eb9611871c5f53ec6bd09a4f80e904e6a5e63b2a09347b85ccd9439e28d7a43d75909fb0b8de9bfd507c4247e4634a8d071c041875cf2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 26ccb623292b9ea0cd18f6e0b88e3643 |
| SHA1 | dae9d7a35fedba607cdb63caf31002820cd05202 |
| SHA256 | b0e016be9aed7be3ddf387db63f01495031ec8b875e1955c94ed05ee4234b716 |
| SHA512 | e3807f9a6736a86c8c7453c9a3ac3fa56e9c5904a015ca6a4727f08d0a5cfcff7feb30f958fa2cb47bd9a6c3b83a3ed1d7af3521207414446dadbc754c363b57 |