Malware Analysis Report

2025-01-02 05:04

Sample ID 231111-jllxwsde73
Target 703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e
SHA256 703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e

Threat Level: Known bad

The file 703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

RedLine payload

Mystic

Detect Mystic stealer payload

RedLine

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 07:45

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 07:45

Reported

2023-11-11 07:48

Platform

win10v2004-20231023-en

Max time kernel

167s

Max time network

180s

Command Line

"C:\Users\Admin\AppData\Local\Temp\703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4944 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe
PID 4944 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe
PID 4944 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe
PID 4088 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe
PID 4088 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe
PID 4088 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe
PID 4164 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 32 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 32 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4280 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4280 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1348 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1348 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 376 wrote to memory of 1728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 376 wrote to memory of 1728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 5012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 5012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2312 wrote to memory of 2300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2312 wrote to memory of 2300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4088 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2kS6658.exe
PID 4088 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2kS6658.exe
PID 4088 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2kS6658.exe
PID 4280 wrote to memory of 5908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4280 wrote to memory of 5908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 32 wrote to memory of 5924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e.exe

"C:\Users\Admin\AppData\Local\Temp\703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdf74e46f8,0x7ffdf74e4708,0x7ffdf74e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdf74e46f8,0x7ffdf74e4708,0x7ffdf74e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdf74e46f8,0x7ffdf74e4708,0x7ffdf74e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdf74e46f8,0x7ffdf74e4708,0x7ffdf74e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdf74e46f8,0x7ffdf74e4708,0x7ffdf74e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdf74e46f8,0x7ffdf74e4708,0x7ffdf74e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdf74e46f8,0x7ffdf74e4708,0x7ffdf74e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdf74e46f8,0x7ffdf74e4708,0x7ffdf74e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdf74e46f8,0x7ffdf74e4708,0x7ffdf74e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x144,0x16c,0x7ffdf74e46f8,0x7ffdf74e4708,0x7ffdf74e4718

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2kS6658.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2kS6658.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2438419562803462903,17539343481479785577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2438419562803462903,17539343481479785577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3241790634303050002,17873713068828150500,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15761937155232354590,2358224336164346186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17908650592227487018,16422489681368507852,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17908650592227487018,16422489681368507852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,9344906351529510731,5948284050947661422,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4731925409938504349,15050765271309940381,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2861904235909498535,13448022678112459691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2861904235909498535,13448022678112459691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15761937155232354590,2358224336164346186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,3241790634303050002,17873713068828150500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4117139487232891969,1244819247451038312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14853198901365758456,9271817681325151919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4731925409938504349,15050765271309940381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,9344906351529510731,5948284050947661422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4117139487232891969,1244819247451038312,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14853198901365758456,9271817681325151919,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3lv82WL.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3lv82WL.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5892 -ip 5892

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 540

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 540

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4925922668792780510,14824101285020647220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 accounts.google.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 twitter.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 3.94.39.90:443 www.epicgames.com tcp
US 3.94.39.90:443 www.epicgames.com tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 190.31.251.142.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 90.39.94.3.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 192.98.74.40.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe

MD5 30416b9441c812ba65d3eef7203ab087
SHA1 0723549ba2510eccb4c52eb1778218fcea1ce275
SHA256 1295f508dbccfe8a6c4f01722dd0f9e683112cecc57731de5a0cae233d3688c6
SHA512 cd1726d5541118b7d272ffac7ace9173fdf1db6a7bfb9d4e1efbcbe073b032c8a7926bb425b7aa39bac73a0aa2580ee4c5b0c45baf1cf3f1ac03160891395db0

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cx2AM27.exe

MD5 30416b9441c812ba65d3eef7203ab087
SHA1 0723549ba2510eccb4c52eb1778218fcea1ce275
SHA256 1295f508dbccfe8a6c4f01722dd0f9e683112cecc57731de5a0cae233d3688c6
SHA512 cd1726d5541118b7d272ffac7ace9173fdf1db6a7bfb9d4e1efbcbe073b032c8a7926bb425b7aa39bac73a0aa2580ee4c5b0c45baf1cf3f1ac03160891395db0

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe

MD5 9850840a5e3982461019c4c5c018a51e
SHA1 532eb19ba01fe2e847e4ba203b0995ad1a56032b
SHA256 4c130562d650d63f240a06dc08f0fbae6a4003b7fa40e3effda383e9da18989d
SHA512 22092631bb365c3c0c5331a823edfe5ded1a83e1f6ccb1e531d3a0eefadce467b87e821856f0e60484f38bafc05c2f510d5bc8b51b3eac7e07b7727492462476

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1LU43cG1.exe

MD5 9850840a5e3982461019c4c5c018a51e
SHA1 532eb19ba01fe2e847e4ba203b0995ad1a56032b
SHA256 4c130562d650d63f240a06dc08f0fbae6a4003b7fa40e3effda383e9da18989d
SHA512 22092631bb365c3c0c5331a823edfe5ded1a83e1f6ccb1e531d3a0eefadce467b87e821856f0e60484f38bafc05c2f510d5bc8b51b3eac7e07b7727492462476

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2kS6658.exe

MD5 53e53441ccf57c4514c76a1e6edd03e1
SHA1 332f92ef37ddb9572426ceefd0102e85ddfebf5d
SHA256 eb293f0994af49eb78b6c5e7f76db249e92ec1d7cfa2d917dcfe14a379d09e02
SHA512 37ab83beeebc5fc38cba8c158e6ca7b743cb10c017ab5b72bb7189bf12f72818106b835749228bf897ebbe47effb853140cc1e8018b7d79e71add01def3956b0

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2kS6658.exe

MD5 53e53441ccf57c4514c76a1e6edd03e1
SHA1 332f92ef37ddb9572426ceefd0102e85ddfebf5d
SHA256 eb293f0994af49eb78b6c5e7f76db249e92ec1d7cfa2d917dcfe14a379d09e02
SHA512 37ab83beeebc5fc38cba8c158e6ca7b743cb10c017ab5b72bb7189bf12f72818106b835749228bf897ebbe47effb853140cc1e8018b7d79e71add01def3956b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_3284_KHVYHDARCZYMYMIK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4356_LJVGFECGNHPZCHJV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1492_AMZTKHBRPXWACZKW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1348_JTNYFTAEXXWPOCCA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2312_BXANWGYSWMPCNSHE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1440_CXAMVRLQWBFUYMJJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4428_UOWNRZLWDHCFDKFS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_376_FLNEZDHHKJJETXQX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ac5a9d00-a24c-46f1-ac6a-abd3011cb3bf.tmp

MD5 f0ec7c54b6e50f1a9c1d6921d761d9bf
SHA1 146e8456fab1e857846509de018fb67fad9b340c
SHA256 1d708b8809cfa6577a60c91206b4dd1814216fcdefb0772b4eb2e95f8e9f9e13
SHA512 83993c222ea30828bf6317f12ec4d0826b08e5d7a2144a9cc667923ae02a2cb8dfeaa54058f42392fe7e3d3d1f287884a86fb8df1b0e40c1190abcb9e5816a39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\61c698b5-721a-4c17-80a9-e2f30127b812.tmp

MD5 5c8d548a8047c0d5dbe0c678295da15a
SHA1 74b4732530917ba306a241c30b63237c1fd49f0c
SHA256 5897319da3641fd6a7bed8ed2e3eb28c7b16977416d91162169069cc7d48468a
SHA512 a53aa041da6c05580bee7831fab7c6d6e34a8e1c266790255557da58b1e8b89820e471dad493de218f8f656bef124936656b0d329bb39702402eb96151644a20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1ceecef8-c8cb-45b3-89c4-33b971408965.tmp

MD5 8f7bb660f8b5e61a8b1811aa1091d223
SHA1 a8df5f6f8c0a0736a46a41dcec5c50e0ea49f5c0
SHA256 0395454db26cccfd9dc6ab2f27f185327cbda51e1a95620b812e026a18d616e9
SHA512 b8db47f3e48663032bf7838d0edeb334f2a87a3f403e01595c30c980a48a8cb6a41bb75aa321f10f0e63bca91510e6dc564080427c959b2ae7ac6fd35704ba19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e5de71327f65ef669507dd9b1e7669c
SHA1 9410de2f4492d8d6d3fccb1e4a619b15bc13f8e3
SHA256 c424eee5afa4d713d42c542880bffc00bf46e7d9f06d47b191c6db753f6af9a9
SHA512 60b5c656a4e9ba4ad394aed59b4f400ec133648a7134021dfa6c95f35d790b4266c60fae604b79564dfa7c6a8b2347f63913029a18456a57b6d27c490ed87e69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e5de71327f65ef669507dd9b1e7669c
SHA1 9410de2f4492d8d6d3fccb1e4a619b15bc13f8e3
SHA256 c424eee5afa4d713d42c542880bffc00bf46e7d9f06d47b191c6db753f6af9a9
SHA512 60b5c656a4e9ba4ad394aed59b4f400ec133648a7134021dfa6c95f35d790b4266c60fae604b79564dfa7c6a8b2347f63913029a18456a57b6d27c490ed87e69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f0ec7c54b6e50f1a9c1d6921d761d9bf
SHA1 146e8456fab1e857846509de018fb67fad9b340c
SHA256 1d708b8809cfa6577a60c91206b4dd1814216fcdefb0772b4eb2e95f8e9f9e13
SHA512 83993c222ea30828bf6317f12ec4d0826b08e5d7a2144a9cc667923ae02a2cb8dfeaa54058f42392fe7e3d3d1f287884a86fb8df1b0e40c1190abcb9e5816a39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a32c1605b52fd412981efbc936bd9d3c
SHA1 cdabfa851097808a8ec5fe38b56766fe134f2dca
SHA256 6e351acda5f88cb66269aef8a03d94c7e8bb1276d178d4e68bc7095b99df4158
SHA512 f0b348df9cd91572ed1f567720b486e876f84c5ab74f0cb0fc7ab8f72395fdfc0b01d1d0e3489c9ea647a663fd02d5d267fd9672288df7ba25e873692c6a4fcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aaf8f58fc83366dd2f1c44a3dd219955
SHA1 65d1f79380051a89837281d5b97f3beb9cf63487
SHA256 0dec33f9b417f8752e371e716f9eb1d1668e8af50b6c83373393023aa4936303
SHA512 75b191910dedb9463f23f917112b2d3cf2f79a0748fa9333c51a933f297379774ce918d7af6f321b210d6727e93000f964b11e97b16f774cb87b76ba9641f911

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d404375c-a6d8-4ea6-93c1-e3a751a1f215.tmp

MD5 c6f0521e989d7be5d7a76a7f7ea505fb
SHA1 e9a97e97cf8c356cb8aa277ba3e558c4aaedea53
SHA256 68eb8cc795fd0bdbe529aeb02a2042f1ba113417cc4c9030f006f486bf3e4d53
SHA512 d14d19dd50a3d3ebd5987178a42d8b135d4b5ae7e92b38db9520cb4e811f13178bcae8185baba8133922c76ba3d2f4449398bc0fd74954f80a1ba8232335d474

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ae9fad71-c894-4991-957b-306e49e4b177.tmp

MD5 0676bd50da64c83899a6bc18ca495a16
SHA1 9c15ac29dbdb1874b8274f1f7db9499d4f022e19
SHA256 58f3112dd8741a29022fff272bb2f5ee5f3e01267bd86849ac8993cc6edb4ac3
SHA512 c2015788b1b10e9e3b7b3458d27d38e60c6246fdc61113fd5c88c19145fd99aeb3bc80eb8b2c177f5ed7833c6c9663af9c89519bda64101ad17696a83f12296f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aaf8f58fc83366dd2f1c44a3dd219955
SHA1 65d1f79380051a89837281d5b97f3beb9cf63487
SHA256 0dec33f9b417f8752e371e716f9eb1d1668e8af50b6c83373393023aa4936303
SHA512 75b191910dedb9463f23f917112b2d3cf2f79a0748fa9333c51a933f297379774ce918d7af6f321b210d6727e93000f964b11e97b16f774cb87b76ba9641f911

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f8001a6f-53ee-4f31-9ccb-1abb1b09af2a.tmp

MD5 b6fc90a60c323d9f63d289630f215aa0
SHA1 db236f3e300caa9c70813d428a077b0620231515
SHA256 f7212eca5001346b58b978e5d3624eb4bcb809922ac76700f7bad7fd86a1c1b8
SHA512 eae5391db9d1e878e3b4096b59801e6d58abc4dbb38c76493e73a0e72060ef00ca5a58bba80167b76f0278a00877ab28944f565000a0c515ad52faa9506e379b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e5de71327f65ef669507dd9b1e7669c
SHA1 9410de2f4492d8d6d3fccb1e4a619b15bc13f8e3
SHA256 c424eee5afa4d713d42c542880bffc00bf46e7d9f06d47b191c6db753f6af9a9
SHA512 60b5c656a4e9ba4ad394aed59b4f400ec133648a7134021dfa6c95f35d790b4266c60fae604b79564dfa7c6a8b2347f63913029a18456a57b6d27c490ed87e69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b6fc90a60c323d9f63d289630f215aa0
SHA1 db236f3e300caa9c70813d428a077b0620231515
SHA256 f7212eca5001346b58b978e5d3624eb4bcb809922ac76700f7bad7fd86a1c1b8
SHA512 eae5391db9d1e878e3b4096b59801e6d58abc4dbb38c76493e73a0e72060ef00ca5a58bba80167b76f0278a00877ab28944f565000a0c515ad52faa9506e379b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2014241e-f471-48a8-9a36-a6ff1bde887c.tmp

MD5 a32c1605b52fd412981efbc936bd9d3c
SHA1 cdabfa851097808a8ec5fe38b56766fe134f2dca
SHA256 6e351acda5f88cb66269aef8a03d94c7e8bb1276d178d4e68bc7095b99df4158
SHA512 f0b348df9cd91572ed1f567720b486e876f84c5ab74f0cb0fc7ab8f72395fdfc0b01d1d0e3489c9ea647a663fd02d5d267fd9672288df7ba25e873692c6a4fcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aaf8f58fc83366dd2f1c44a3dd219955
SHA1 65d1f79380051a89837281d5b97f3beb9cf63487
SHA256 0dec33f9b417f8752e371e716f9eb1d1668e8af50b6c83373393023aa4936303
SHA512 75b191910dedb9463f23f917112b2d3cf2f79a0748fa9333c51a933f297379774ce918d7af6f321b210d6727e93000f964b11e97b16f774cb87b76ba9641f911

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a32c1605b52fd412981efbc936bd9d3c
SHA1 cdabfa851097808a8ec5fe38b56766fe134f2dca
SHA256 6e351acda5f88cb66269aef8a03d94c7e8bb1276d178d4e68bc7095b99df4158
SHA512 f0b348df9cd91572ed1f567720b486e876f84c5ab74f0cb0fc7ab8f72395fdfc0b01d1d0e3489c9ea647a663fd02d5d267fd9672288df7ba25e873692c6a4fcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c6f0521e989d7be5d7a76a7f7ea505fb
SHA1 e9a97e97cf8c356cb8aa277ba3e558c4aaedea53
SHA256 68eb8cc795fd0bdbe529aeb02a2042f1ba113417cc4c9030f006f486bf3e4d53
SHA512 d14d19dd50a3d3ebd5987178a42d8b135d4b5ae7e92b38db9520cb4e811f13178bcae8185baba8133922c76ba3d2f4449398bc0fd74954f80a1ba8232335d474

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f0ec7c54b6e50f1a9c1d6921d761d9bf
SHA1 146e8456fab1e857846509de018fb67fad9b340c
SHA256 1d708b8809cfa6577a60c91206b4dd1814216fcdefb0772b4eb2e95f8e9f9e13
SHA512 83993c222ea30828bf6317f12ec4d0826b08e5d7a2144a9cc667923ae02a2cb8dfeaa54058f42392fe7e3d3d1f287884a86fb8df1b0e40c1190abcb9e5816a39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b6fc90a60c323d9f63d289630f215aa0
SHA1 db236f3e300caa9c70813d428a077b0620231515
SHA256 f7212eca5001346b58b978e5d3624eb4bcb809922ac76700f7bad7fd86a1c1b8
SHA512 eae5391db9d1e878e3b4096b59801e6d58abc4dbb38c76493e73a0e72060ef00ca5a58bba80167b76f0278a00877ab28944f565000a0c515ad52faa9506e379b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8f7bb660f8b5e61a8b1811aa1091d223
SHA1 a8df5f6f8c0a0736a46a41dcec5c50e0ea49f5c0
SHA256 0395454db26cccfd9dc6ab2f27f185327cbda51e1a95620b812e026a18d616e9
SHA512 b8db47f3e48663032bf7838d0edeb334f2a87a3f403e01595c30c980a48a8cb6a41bb75aa321f10f0e63bca91510e6dc564080427c959b2ae7ac6fd35704ba19

memory/5892-416-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5892-438-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5892-437-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5892-440-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 914bf7dbdd562425a9de4f962b7ed1c7
SHA1 ec55cd24b32e9a1d5c11a88a061ef4451d070218
SHA256 3ea62bf619bcd8aa5335a31c4ad736c0f814775991af3f2c7e38cb6a9c3ec59e
SHA512 6f04d592db7e9bda47b0b32d7e9ccf2e37305b54351683857f2f621ac63694b6dc0062df3df95d4e3f01148992e56e146aebf020fdd865a9a918e77c886f2b22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8662a2d09c10c0f9ed6907d15c274267
SHA1 1a0c5bd0672bd9cf2617f3911d322f7ab628d080
SHA256 7a7109c8a30a81595aae3cf00ed5527cf09f160de099b7a632b91b93efd19957
SHA512 e724362d235f25f60308be258b7f4c2a305f776b1b7957da0c2aba80d27e75f4bb8795e98c088af9bb1a49a0331e18d59732e8dd56b909aa6e10d5d425d700f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0170b761887cf923cdda3757235866b0
SHA1 58f86fff2b85497309790c3e51f9c6253af01ec6
SHA256 eb47d82c06c262f7099fbe9c9a89494b4841265884fc0c3c99abbb3fbe0b5d66
SHA512 1ccb697195a7ee6117fd6a33a638c8251a1b97bbba71219946779594f68da89b692000722200b4902bbceb2012c7acc6442fe63bcb84405139453184131bca45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4879522f362ec0951384d072f7d9261b
SHA1 c63cf651a26586968d7470d90f3e9506f9f14b9e
SHA256 6b25b9fe1ccf9f176fc491b1dbf20319187eed9632020a451dea866127ce835c
SHA512 ca59ded4bd03953e4f8b5a58bfdd6fe36699497213aa591a56d3b4656f363d6754ada81d1696657c51d9aa8a7acfecd3eccf00ed2d3f6ce2fccf138ae97e2a3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

memory/5408-545-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a0253.TMP

MD5 b9bb78696c17800e8827115faefacd63
SHA1 52660a4a26a5e48b20a3a13239dc14563cdf2dcd
SHA256 0cc3fcef44856e9b28167604f389062b63b41ff4c9e6e16fb2fec2c5683f813d
SHA512 031660442f8ae4697329edf86014d8ae2665abfdaa1e9293cd4a38a19e087898580971ae2c85c325c115cb2a8af4c340b00bed85853daae504ec77b278950261

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cd1202cc5093bfd4d4808dce71ee0a5c
SHA1 7bc798cbddb82c991aefd56381443278ebe84bb1
SHA256 41bb600758cd5ea4ddcef5bf859f1b8ac2386dfc12702aede93381e7cf88164e
SHA512 aefd9a0151a41cc651a08cd9315898ab33bfe27065ac2fcb21f20b35e2d32ef09328476b28b0975109059dcb112e4884c41ea364d1d5f1466b071765f34b107c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 871e9f319488d1aee18b1024b5c341c7
SHA1 6f0dc6e6f28a766b24d1bf13f1cb5fa28d076d3a
SHA256 0eb1c98a3d7538b8f90d9818cf094dc5d6adc7eff42b3ad4ea89c0ee2fa072ab
SHA512 8b48dcffae9ef2fd3e13e3006b10bd59bc9d654edd7020764d20d6f813472ea92287da23eaa1ba947b57e18c72fc71e0351b2e91cefeb04a7f2323db9275d5c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 61648927901f6439fd4a49055b770463
SHA1 7ed01a26013bfb041989ced05fb61e9e8e76f77d
SHA256 15d068418584493d265ae6632a335ddb32cf1c2af81c2f6eff9a418e52ce6f2e
SHA512 3f4e87c7cdfdf5d8437864c0e232ca78a20a5729fdc2ecacfd933be88fd7339979508694fea6f488c5ce9fc592b8c2de0827ccff907aee36e5ab08b19ceee651

memory/5408-680-0x00000000742A0000-0x0000000074A50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4282d1bb176f634cacda92cbbe2e737d
SHA1 88655ef6af2be9efea21670ac0203c19e481cdb0
SHA256 9b5e8d52e24ff51cfbe96d6f922a081f916b18213b2d741d75c34c73029b6d20
SHA512 8078f8c4b7a8b924de5e131fc4edbd8ed1104f2760aa4f272b72690fedea29d3119538fc85831b9c6111e85ae03d208f3ba9a02d9b2c6a54b55719b66a24e86f