Malware Analysis Report

2025-01-02 05:09

Sample ID 231111-jktw4sce4w
Target b72309222be81139937a5808c453346f.exe
SHA256 b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b7feb3870acabfdcf3bca70bd2036b94862ce27f4f4ed71ba78e83dfd7b1db98

Threat Level: Known bad

The file b72309222be81139937a5808c453346f.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

Detect Mystic stealer payload

RedLine payload

Mystic

RedLine

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Detected potential entity reuse from brand paypal.

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 07:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 07:44

Reported

2023-11-11 07:47

Platform

win10v2004-20231020-en

Max time kernel

171s

Max time network

196s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b72309222be81139937a5808c453346f.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\b72309222be81139937a5808c453346f.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1184 wrote to memory of 3332 N/A C:\Users\Admin\AppData\Local\Temp\b72309222be81139937a5808c453346f.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe
PID 1184 wrote to memory of 3332 N/A C:\Users\Admin\AppData\Local\Temp\b72309222be81139937a5808c453346f.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe
PID 1184 wrote to memory of 3332 N/A C:\Users\Admin\AppData\Local\Temp\b72309222be81139937a5808c453346f.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe
PID 3332 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe
PID 3332 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe
PID 3332 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe
PID 5052 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5052 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5052 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5052 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5052 wrote to memory of 1164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5052 wrote to memory of 1164 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3608 wrote to memory of 2436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3608 wrote to memory of 2436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1348 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1348 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5052 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5052 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1304 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1304 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5052 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5052 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3944 wrote to memory of 708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3944 wrote to memory of 708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5052 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5052 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 980 wrote to memory of 1512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 980 wrote to memory of 1512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1164 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b72309222be81139937a5808c453346f.exe

"C:\Users\Admin\AppData\Local\Temp\b72309222be81139937a5808c453346f.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffaf50246f8,0x7ffaf5024708,0x7ffaf5024718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x170,0x7ffaf50246f8,0x7ffaf5024708,0x7ffaf5024718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaf50246f8,0x7ffaf5024708,0x7ffaf5024718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaf50246f8,0x7ffaf5024708,0x7ffaf5024718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x70,0x7ffaf50246f8,0x7ffaf5024708,0x7ffaf5024718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaf50246f8,0x7ffaf5024708,0x7ffaf5024718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,13970203116895792864,1999297379517685183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11622512339124964335,15262738677335701677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,13970203116895792864,1999297379517685183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11622512339124964335,15262738677335701677,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaf50246f8,0x7ffaf5024708,0x7ffaf5024718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaf50246f8,0x7ffaf5024708,0x7ffaf5024718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,312700631715606231,6222476292461050004,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,312700631715606231,6222476292461050004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,147623975001024256,13730979657798207188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaf50246f8,0x7ffaf5024708,0x7ffaf5024718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaf50246f8,0x7ffaf5024708,0x7ffaf5024718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4lR9qV8.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4lR9qV8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8860 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eW20Tq.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eW20Tq.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 560 -ip 560

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,11743119079438686356,8800211650256651996,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4916 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 store.steampowered.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 34.225.248.127:443 www.epicgames.com tcp
US 34.225.248.127:443 www.epicgames.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 127.248.225.34.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 91.127.177.108.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 254.177.238.8.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.39.118:443 i.ytimg.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 104.244.42.2:443 api.twitter.com tcp
NL 199.232.148.159:443 abs.twimg.com tcp
US 93.184.220.70:443 pbs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
US 104.244.42.133:443 t.co tcp
US 192.229.220.133:443 video.twimg.com tcp
NL 199.232.148.159:443 abs.twimg.com tcp
NL 199.232.148.159:443 abs.twimg.com tcp
NL 199.232.148.159:443 abs.twimg.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 118.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 8.8.8.8:53 fbsbx.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 rr4---sn-q4fl6nsr.googlevideo.com udp
US 172.217.131.201:443 rr4---sn-q4fl6nsr.googlevideo.com tcp
US 172.217.131.201:443 rr4---sn-q4fl6nsr.googlevideo.com tcp
US 172.217.131.201:443 rr4---sn-q4fl6nsr.googlevideo.com tcp
US 172.217.131.201:443 rr4---sn-q4fl6nsr.googlevideo.com tcp
US 172.217.131.201:443 rr4---sn-q4fl6nsr.googlevideo.com tcp
US 172.217.131.201:443 rr4---sn-q4fl6nsr.googlevideo.com tcp
US 8.8.8.8:53 201.131.217.172.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
NL 142.251.36.14:443 play.google.com udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe

MD5 ecb636d9242b2ee88efeeec7044c9773
SHA1 5a91e813eb1f42664ed7ce0372cf8972e5e9e7db
SHA256 428ff41e8510c937c7e4bf6709c3f9109c569199cf8155aea0ae9c6877edf89b
SHA512 f4a6e8c265bde74ae5b995932d61c45d1e1a823f419a6a6ef40de107a4cbc4b1023f5a80b9d1678ad4e00efe9a056c3980226c7721eb6fd93113cb177c62bef7

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cJ4jQ89.exe

MD5 ecb636d9242b2ee88efeeec7044c9773
SHA1 5a91e813eb1f42664ed7ce0372cf8972e5e9e7db
SHA256 428ff41e8510c937c7e4bf6709c3f9109c569199cf8155aea0ae9c6877edf89b
SHA512 f4a6e8c265bde74ae5b995932d61c45d1e1a823f419a6a6ef40de107a4cbc4b1023f5a80b9d1678ad4e00efe9a056c3980226c7721eb6fd93113cb177c62bef7

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe

MD5 6b5874811db21dccaa2d905bb08c0e0b
SHA1 033faa26aace3b006a89108a255b64a716296807
SHA256 86449f6f2437a436fe2cc8f30b8dc51e983d6e353a07871f4c1972d55b32c227
SHA512 325d721d8926e75ca3c675cb8e1677df5962ea18d5112bc9cf25ab65560eb18530fe0219532ef6d3db5e8c916e10b8eb635c60e78bc10096c9c7c6fedbda5a0d

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3yP862AZ.exe

MD5 6b5874811db21dccaa2d905bb08c0e0b
SHA1 033faa26aace3b006a89108a255b64a716296807
SHA256 86449f6f2437a436fe2cc8f30b8dc51e983d6e353a07871f4c1972d55b32c227
SHA512 325d721d8926e75ca3c675cb8e1677df5962ea18d5112bc9cf25ab65560eb18530fe0219532ef6d3db5e8c916e10b8eb635c60e78bc10096c9c7c6fedbda5a0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_1348_TBYMSYIZBYPBACDM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_1164_DQUAGVGHQQFDFRSQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3608_XZWVPMMFTJEHDXHV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a84a4e03febad9121e188ae7039070c6
SHA1 3f1e6b4809b2af9f2a7da93589f104cae10bd283
SHA256 1a013414b8e23fbbbed0d236f06cc8e44049715c01e22d6e28c5b60dd231b47f
SHA512 a7e8b791b02749110e78c504b49be4130f23fa7691b2a6033fa4b75269c64dffabbf8eeed65d9b79fc46fe065488cfff2bffb94438ce4c072a93d81304505b63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0d4289fb13b395003fbbb454b773a4ff
SHA1 b130d766a0e98a5e6788610edd6d98c943c16489
SHA256 d075400ea381d5f1f6b04b185dabad7bf677442e3f733d95a1b5b347be94f6d7
SHA512 7829e5b52124453dcf3d66e382b6687c000e48649fefe6a241296abac1815c34d41f631e1a9e26508c5956d342d485afcbf0fefe9a14a4f47cf60a00ea459fc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a84a4e03febad9121e188ae7039070c6
SHA1 3f1e6b4809b2af9f2a7da93589f104cae10bd283
SHA256 1a013414b8e23fbbbed0d236f06cc8e44049715c01e22d6e28c5b60dd231b47f
SHA512 a7e8b791b02749110e78c504b49be4130f23fa7691b2a6033fa4b75269c64dffabbf8eeed65d9b79fc46fe065488cfff2bffb94438ce4c072a93d81304505b63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0d4289fb13b395003fbbb454b773a4ff
SHA1 b130d766a0e98a5e6788610edd6d98c943c16489
SHA256 d075400ea381d5f1f6b04b185dabad7bf677442e3f733d95a1b5b347be94f6d7
SHA512 7829e5b52124453dcf3d66e382b6687c000e48649fefe6a241296abac1815c34d41f631e1a9e26508c5956d342d485afcbf0fefe9a14a4f47cf60a00ea459fc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1f7e1fd5f9c04e6cc563e79021850603
SHA1 a2b6f1f9812cd74054666280838184a683f78b45
SHA256 8d9100007b4edda397193ae017c9176026abcdd6711fa8645e95466b6c622b38
SHA512 8594a070e9cb27b741cea7d115247d4bfd039a6a05357e3b9d5d4f0194907798e87bf0da6a5096ce981a81e28c656fa4293cc9ab3f52da5873c5686ba3dab65f

\??\pipe\LOCAL\crashpad_1304_LBLPRFBCBJZPKTYJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1f7e1fd5f9c04e6cc563e79021850603
SHA1 a2b6f1f9812cd74054666280838184a683f78b45
SHA256 8d9100007b4edda397193ae017c9176026abcdd6711fa8645e95466b6c622b38
SHA512 8594a070e9cb27b741cea7d115247d4bfd039a6a05357e3b9d5d4f0194907798e87bf0da6a5096ce981a81e28c656fa4293cc9ab3f52da5873c5686ba3dab65f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e0f525b845dd26bc27c8b33d7e77c546
SHA1 83610efe44f5896b2eafd1814e9d4c3946850755
SHA256 d7e244f0faedd07402baf5b57642c33bc962287f5fd1fbf94d3bb934d8c8147d
SHA512 8da772e2713c6e6a6c4efa5ec4b8d7f1f79eefd7bf9b665f7986408dd160f08ce78fb9655c26726beefcb4bedf19426cba6a6264da77661b7731af4d5ae4a21d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 77bec4e348db8720a85d47f0ab39d154
SHA1 23f584de96a78a7d05579d3d2ee0b1f383411734
SHA256 d7e79d3476c8bbfdad7a3a93944c3294e2421b980cefe691ccfcac66f4f6432f
SHA512 4ad9febe39276e42f58c6acd08fdbf5313d453f2fc0181457c4afe0b50fc5cd67307d2f021b3e270c47e7e17c19e8f5cb5de6ac4b8e35bea83fe7dc36bb20c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 77bec4e348db8720a85d47f0ab39d154
SHA1 23f584de96a78a7d05579d3d2ee0b1f383411734
SHA256 d7e79d3476c8bbfdad7a3a93944c3294e2421b980cefe691ccfcac66f4f6432f
SHA512 4ad9febe39276e42f58c6acd08fdbf5313d453f2fc0181457c4afe0b50fc5cd67307d2f021b3e270c47e7e17c19e8f5cb5de6ac4b8e35bea83fe7dc36bb20c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 deededd638301900b90b8eb785443e1c
SHA1 77f9666c35927e2988f1c8ca3c98d5735a3e262b
SHA256 23db1e4a2a15b20bf83a52b501ff9d49c395e246ccf7342e06b1086309a2c13b
SHA512 d744ed464b8024837cace6ee59deda98173c12db7766fa5569f6db61f7a901567a5881b8664cb9e8fabf7dd5b3f5574e71909e2128e2372a1bfd35965d479926

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1f7e1fd5f9c04e6cc563e79021850603
SHA1 a2b6f1f9812cd74054666280838184a683f78b45
SHA256 8d9100007b4edda397193ae017c9176026abcdd6711fa8645e95466b6c622b38
SHA512 8594a070e9cb27b741cea7d115247d4bfd039a6a05357e3b9d5d4f0194907798e87bf0da6a5096ce981a81e28c656fa4293cc9ab3f52da5873c5686ba3dab65f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0d4289fb13b395003fbbb454b773a4ff
SHA1 b130d766a0e98a5e6788610edd6d98c943c16489
SHA256 d075400ea381d5f1f6b04b185dabad7bf677442e3f733d95a1b5b347be94f6d7
SHA512 7829e5b52124453dcf3d66e382b6687c000e48649fefe6a241296abac1815c34d41f631e1a9e26508c5956d342d485afcbf0fefe9a14a4f47cf60a00ea459fc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 deededd638301900b90b8eb785443e1c
SHA1 77f9666c35927e2988f1c8ca3c98d5735a3e262b
SHA256 23db1e4a2a15b20bf83a52b501ff9d49c395e246ccf7342e06b1086309a2c13b
SHA512 d744ed464b8024837cace6ee59deda98173c12db7766fa5569f6db61f7a901567a5881b8664cb9e8fabf7dd5b3f5574e71909e2128e2372a1bfd35965d479926

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a84a4e03febad9121e188ae7039070c6
SHA1 3f1e6b4809b2af9f2a7da93589f104cae10bd283
SHA256 1a013414b8e23fbbbed0d236f06cc8e44049715c01e22d6e28c5b60dd231b47f
SHA512 a7e8b791b02749110e78c504b49be4130f23fa7691b2a6033fa4b75269c64dffabbf8eeed65d9b79fc46fe065488cfff2bffb94438ce4c072a93d81304505b63

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4lR9qV8.exe

MD5 3a314456282eda4e75cd13793cb5344d
SHA1 26dbf8ca65982e00c5fe0fda227365c5375451df
SHA256 4230cd4e77428e5e061746f1ef4025c924c2fc355ef2bec3c1e059d1f157ef62
SHA512 3f3495b78c9661c6fb2fb1f3f2d5a0292c6064c42f9478f361281e36166d460c2234ff2712c90de46aac4dee7f4240ab60a6800ed61b573b3746d722401b2edd

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4lR9qV8.exe

MD5 3a314456282eda4e75cd13793cb5344d
SHA1 26dbf8ca65982e00c5fe0fda227365c5375451df
SHA256 4230cd4e77428e5e061746f1ef4025c924c2fc355ef2bec3c1e059d1f157ef62
SHA512 3f3495b78c9661c6fb2fb1f3f2d5a0292c6064c42f9478f361281e36166d460c2234ff2712c90de46aac4dee7f4240ab60a6800ed61b573b3746d722401b2edd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2ae2712523d3bc0e56cfcc2d6c22472e
SHA1 5e432d438a1a51a8610f6778b061d6c866fff474
SHA256 8d532e0a311bc0a355add18f2828855727b452944f592d5fe1420a0d26f7b21c
SHA512 6fe181909c7af9667a3da755004916a8517e340d6d16a24a9454d5d0c78d2b9e715b0e06d15ff2c6d0d24b5730cddd13517cd71faf0ac4b55643c3b59b6f0c2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 deededd638301900b90b8eb785443e1c
SHA1 77f9666c35927e2988f1c8ca3c98d5735a3e262b
SHA256 23db1e4a2a15b20bf83a52b501ff9d49c395e246ccf7342e06b1086309a2c13b
SHA512 d744ed464b8024837cace6ee59deda98173c12db7766fa5569f6db61f7a901567a5881b8664cb9e8fabf7dd5b3f5574e71909e2128e2372a1bfd35965d479926

\??\pipe\LOCAL\crashpad_3944_JIDIKTVYHKKSUDMX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ef6a9ec0a7f3e3662e7daa79f21bd724
SHA1 d770fe9d202878521e27cf34625f5eb8a0936c9e
SHA256 3fef9ee326e656e832143daaee75eeca92ef268f3c63e76a51d599467cd70d58
SHA512 86cfaf7f82535587f3ef40e900de29695cd03d81f64b6a684d62d036e147bb4d7b4b93c154d27cefc94927b14f587ba00544b5088d2b3c233279be428a71df29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1c706d53e85fb5321a8396d197051531
SHA1 0d92aa8524fb1d47e7ee5d614e58a398c06141a4
SHA256 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932
SHA512 d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/560-345-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b076ec989a9d4df4bccff56aa5a3d850
SHA1 a96596022601fb6140f77dd7ca087f2714a12351
SHA256 ae4d3b73885aa0206e9390bb7011518ae7fc5ff51709c3d7613861c2493c6152
SHA512 475620f2efb589ec08d6e5b0b6c60caf3fc893926c01f2a83124dcd65e4dbd91bdbe294fef3d5fe9560a8a4b68a1fe289a28325455bd4fe70da39ae017797fc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59235d.TMP

MD5 bbeea0f759fed2881d4b560368d15053
SHA1 6c791a97e8f739d0837582dc73e9550dcd73d746
SHA256 147926d5b36a4d187d2bdcab29455763294dc3790967dfdb3a9495cd1aa5d29e
SHA512 9a4bcc6f2cd41973116e4ef19d3accb064a64eecf022ce6360c7d977b1e660f1b3337e25820364045ea93331daac2e3f9a32ec89b5c425f38f2731622b5f066f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

memory/560-416-0x0000000000400000-0x0000000000433000-memory.dmp

memory/560-417-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eW20Tq.exe

MD5 f3d949829dbb49503a46b14851923201
SHA1 dcb51153089bd307a35eabffa68b2bc823578dce
SHA256 d2e04b3b75debf800ba6edc0c276f2be73e069b88dd5280f36a662463f103d6e
SHA512 ae7e81a6aa8bd3f9b14578ed09904d52c059658554bd7339686d2bff7864f4eb8ef98c956277de7c2cc9f7737812efb6431792214c086c3a940bc51b24c702f0

memory/560-420-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5eW20Tq.exe

MD5 f3d949829dbb49503a46b14851923201
SHA1 dcb51153089bd307a35eabffa68b2bc823578dce
SHA256 d2e04b3b75debf800ba6edc0c276f2be73e069b88dd5280f36a662463f103d6e
SHA512 ae7e81a6aa8bd3f9b14578ed09904d52c059658554bd7339686d2bff7864f4eb8ef98c956277de7c2cc9f7737812efb6431792214c086c3a940bc51b24c702f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 81443b180bc07a13b679ead44f325293
SHA1 58f89f582e3f3f61e312779479d7a4ed2aa0759e
SHA256 52cf72744a428f2287e6d1750b2dd281fd7576b25a9b4d49c6724e51250be4af
SHA512 1c38e54fc26f3bd3cd200f5d199ce3c30dc1522717d3863aefc7924ceed8c036dedf5855586080dcad5866cc443b798f7a92d03b3958469f67acb857c7bae750

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

memory/6564-558-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c3a79288669f5b92c56eb52684242fe6
SHA1 8b188a841497b0e209d6c1d60e35bba61c030271
SHA256 dba66ca69cb23a1c1ef67d091e1133964c7bb5a75133d0e559b4f97082a5dfe7
SHA512 e50ff012a8b6f1b4b337d71bf24d857aed2195bca6a4070fa0a40f768b91d5de52baeb5c8d93185259d068a622465f26e3a357061a567e779833ab75163ddfe5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b1ae95c314a49ee674a125f302fa160c
SHA1 47fce8d44013139cea5e6b72f5bc4291d88cfc40
SHA256 d9165b5e57042e332ce82bf53cd8b55110424c659447bf272c686ea7b3e9f2f9
SHA512 5fd6abf3a953da761869116eb160761ed206782665aa294ced055d9ceab6fe34d004fffdaa51e72e2de4d71f6e77813fd73cbd8d9edf67ba0a4a568dddb6ac44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59e390.TMP

MD5 03a707c325dc3573c8ce3c4e1477e015
SHA1 8991563ba0c65063ec9f15fca75b07d0180dd1ab
SHA256 130fc2d4b83e9848143d4b3a6b972488590d7b3ec38f39b1a3fe4a742af00481
SHA512 9d23514ae054c423bfb330791a149ebd8471e85421add3915bc0106cc7c7908ce70fd3b9e20a31403bd2b372404b95073895d5511a3dabca5e26ef43f7c174b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e77fc475471ff0dce280ff37716df188
SHA1 2defe2c0bc898517effa0e8b9b4b65926d64783a
SHA256 c7dfeac1d5b01d3d79be0f6b32f310fc4f10313210f9373ba9a3f9c4a9b1b0f2
SHA512 d46a09960153f1d640a9e938574b4a041b7182c624529f2aa4d6878369379919aee52c26749f8b9db5621c807a0ff897d5cb6b1ee530d53c7356f45f993c8481

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ba93c53f8e897a307f0845ec18be5a3a
SHA1 235724666e8e84cf82d5c523dbedb264a9957023
SHA256 60a7dca35f23f5255444cc4884c538fbdda7e338afcd512ce3fb713f46202502
SHA512 21d1f149858984f4433652cf6f45fcb282ab3ee938af0c96a4bb58e8951c615bbddfd5b217e5d597ca40a4d52a897d18148df1486dc1ac94677cfc16ae52a817

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 f1a97d7aeb3372b831b52e21983a23d9
SHA1 b734b807b3b0b753ea413d105537d032e46935eb
SHA256 793e1641adf20700678766c35496bbce0d1427d64516010349d8e7d5647bc78c
SHA512 4d11566c671d468576be84c20cec5a8e6b0e4aca1187477b2bdcfe520056a8d765ba276836503a12474e3ee75625875897b8445e7dfbe852a65af4d9caa0fb19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe59e7c6.TMP

MD5 7f2e3f01d651f2f829006625f381a13c
SHA1 aba6e942f970dc86b8661e4b0b6735decee73093
SHA256 f0ae06a49d1add2a6c6964e452f7cf2ec06e21d3f7d1f486645e62ae1bcd617a
SHA512 c235eda1744474444b66a1a3dbd44a6986f581039a804228cee4e01ac53899c3baec18e0565336b0ed953f7e8453bfb11c4693fd6bf0df1e9d67548a6241c664

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\896d81a6-5910-4d97-8150-2c3ef64904b2\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 16a91914bf09c04f9ea935dc205077e8
SHA1 c1632623563f31b2d21939ea76bc9ce562a82ba2
SHA256 02785dd0ccbb329e04b90c618e042ca33adbfd30a8c45d91d4f6a0ae0a84da2e
SHA512 eba67288c0df34d5b43788f9cb1a5e9dc61e75f30fb7bd221d7b73652a1f20e834abdc594c3f5b49886928914e18920f97898886e9c2d6b43332268ef1f7d59e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c63ce38386dec5eff4f4542155a6bdd0
SHA1 9e0320fbc25b3d59aa9778300f9704e227a74e69
SHA256 7e4b778d752a35e0281ef23aafd99adb3b3caad6e45dcd81d5bcfd063966dcb6
SHA512 edcb3257c39e8564faa6e474c8b07e7b6688b0ab8818c8fc1e8f4659ada2432d8aac147cdebc83dacd0e2ff052376d0d8b9d1f903d6936f90f3c26f656fca0a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 28d728d979a297cae2e54849bf3b1301
SHA1 68ef97ec9d054c7ddefa76c927baa8a9e6b716a9
SHA256 4ee32c7a244374fdce51e1721b39210ad107b6b38d83365ec12e3b40723a3d9b
SHA512 e5ff27af605e1acbda78d0ef86245d91736eca7540aefedce740d8542295c1f6c890004690f1fa1e05485e34155ac9073ea1e6e5774ed1fb0af8484c58da59dc

memory/6564-992-0x0000000074350000-0x0000000074B00000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 90ac02b5e6f60b16231499d5aac25d0b
SHA1 3ab307e612c79257195df3b4154530ed835a85d0
SHA256 f596f2807dcf7ff50e5cddd4e301eb138fea3d174218e68cccd0843a1d7d4f90
SHA512 a9865543bf09a10f42fb45f2ca4ccc661c9d4948439bb46c9ec1ae62584c27ec3e167c9b0ff426864e0647c5540e0b6415c61994ff33e4a1a49188eca473d687

memory/6564-1027-0x0000000074350000-0x0000000074B00000-memory.dmp