Malware Analysis Report

2025-01-02 05:08

Sample ID 231111-jwjkhscf3s
Target ba2c77718bd6b44abb313b86974e99e8.exe
SHA256 a1d0f879aa5023488075c93718c6bac17d2056269fe3822c901d2b908bc13bbf
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a1d0f879aa5023488075c93718c6bac17d2056269fe3822c901d2b908bc13bbf

Threat Level: Known bad

The file ba2c77718bd6b44abb313b86974e99e8.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Mystic

RedLine payload

RedLine

Detect Mystic stealer payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Detected potential entity reuse from brand paypal.

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 08:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 08:01

Reported

2023-11-11 08:03

Platform

win10v2004-20231020-en

Max time kernel

152s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ba2c77718bd6b44abb313b86974e99e8.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\ba2c77718bd6b44abb313b86974e99e8.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 232 wrote to memory of 364 N/A C:\Users\Admin\AppData\Local\Temp\ba2c77718bd6b44abb313b86974e99e8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe
PID 232 wrote to memory of 364 N/A C:\Users\Admin\AppData\Local\Temp\ba2c77718bd6b44abb313b86974e99e8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe
PID 232 wrote to memory of 364 N/A C:\Users\Admin\AppData\Local\Temp\ba2c77718bd6b44abb313b86974e99e8.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe
PID 364 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe
PID 364 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe
PID 364 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe
PID 2152 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe
PID 2152 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe
PID 2152 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe
PID 2544 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 3420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 3420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 2660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 2660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1588 wrote to memory of 4156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1588 wrote to memory of 4156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 2772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 2772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1832 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1832 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1320 wrote to memory of 3456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1320 wrote to memory of 3456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2456 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2456 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2708 wrote to memory of 5164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2708 wrote to memory of 5164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 5300 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 5300 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5300 wrote to memory of 5344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5300 wrote to memory of 5344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 5376 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe
PID 2152 wrote to memory of 5376 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe
PID 2152 wrote to memory of 5376 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe
PID 796 wrote to memory of 5860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 5860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 5860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 5860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 5860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 5860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 5860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 5860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 5860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 5860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 5860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 5860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ba2c77718bd6b44abb313b86974e99e8.exe

"C:\Users\Admin\AppData\Local\Temp\ba2c77718bd6b44abb313b86974e99e8.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe691146f8,0x7ffe69114708,0x7ffe69114718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe691146f8,0x7ffe69114708,0x7ffe69114718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffe691146f8,0x7ffe69114708,0x7ffe69114718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe691146f8,0x7ffe69114708,0x7ffe69114718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe691146f8,0x7ffe69114708,0x7ffe69114718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe691146f8,0x7ffe69114708,0x7ffe69114718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe691146f8,0x7ffe69114708,0x7ffe69114718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe691146f8,0x7ffe69114708,0x7ffe69114718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe691146f8,0x7ffe69114708,0x7ffe69114718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe691146f8,0x7ffe69114708,0x7ffe69114718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,15823140390664180254,9989339329743429320,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15398071092313119759,9987282529966210051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15398071092313119759,9987282529966210051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14938814807567369445,11358381684278707818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14938814807567369445,11358381684278707818,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14837953084727603059,1582937938127470933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,15823140390664180254,9989339329743429320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14837953084727603059,1582937938127470933,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,16968010092116873043,5954333295136617108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,16968010092116873043,5954333295136617108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,10845124361649145723,15288924644414477369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10845124361649145723,15288924644414477369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4454760340887961797,4662975924019338118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4454760340887961797,4662975924019338118,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,12438056894548535319,1448150091202852392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5FW01ia.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5FW01ia.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 8140 -ip 8140

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6828 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2f8 0x498

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6RO860.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6RO860.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 138.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 steamcommunity.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 18.205.121.43:443 www.epicgames.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 twitter.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 43.121.205.18.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.66:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 68.232.34.217:443 video.twimg.com tcp
US 104.244.42.69:443 t.co tcp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.23.214:443 i.ytimg.com tcp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
DE 172.217.23.214:443 i.ytimg.com udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 173.194.69.132:443 yt3.ggpht.com tcp
US 173.194.69.132:443 yt3.ggpht.com tcp
US 173.194.69.132:443 yt3.ggpht.com tcp
US 173.194.69.132:443 yt3.ggpht.com tcp
US 173.194.69.132:443 yt3.ggpht.com tcp
US 173.194.69.132:443 yt3.ggpht.com tcp
US 8.8.8.8:53 i3.ytimg.com udp
GB 216.58.208.110:443 i3.ytimg.com tcp
GB 216.58.208.110:443 i3.ytimg.com tcp
US 8.8.8.8:53 132.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
NL 142.250.179.170:443 jnn-pa.googleapis.com tcp
NL 142.250.179.170:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 104.116.69.13.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.201.35:443 www.facebook.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 172.67.209.38:80 killredls.pw tcp
US 192.55.233.1:443 tcp
US 172.67.209.38:80 killredls.pw tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 104.244.42.66:443 api.twitter.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe

MD5 a6663585a20dd82a04535b9a96228518
SHA1 21231978e6e815675ebfc72ed544e90a227b0375
SHA256 8c8ed0eaec15c8e8c8d8e3053d72547077d96064de06acd82ed5d7f7e079644f
SHA512 eea1db7cd6478ea4d0bb416c93bf6e93b8aa0c37741b8b58b1455e80b1ee571bb085f7ad5c5c1dbaf4a79bd39bd42eb4377a3259281fcc55c144dd73cc5f902f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe

MD5 a6663585a20dd82a04535b9a96228518
SHA1 21231978e6e815675ebfc72ed544e90a227b0375
SHA256 8c8ed0eaec15c8e8c8d8e3053d72547077d96064de06acd82ed5d7f7e079644f
SHA512 eea1db7cd6478ea4d0bb416c93bf6e93b8aa0c37741b8b58b1455e80b1ee571bb085f7ad5c5c1dbaf4a79bd39bd42eb4377a3259281fcc55c144dd73cc5f902f

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe

MD5 e00b13768d63db914f7b5594f0c69ab2
SHA1 5f4fde767445490c6a27ea99431ac1852dd14745
SHA256 f93a129ea237310def03e0c32c67c47b9393f765359e19ee074a950ab19f9f20
SHA512 3d5e42f3c9321873534b62fdf1a2daba3b86b14a91e73d488f71ef121ba4c9709e75f782496095097452ffdb0b209db8d7a9b323b9506db8548eb0baa84dd6d2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe

MD5 e00b13768d63db914f7b5594f0c69ab2
SHA1 5f4fde767445490c6a27ea99431ac1852dd14745
SHA256 f93a129ea237310def03e0c32c67c47b9393f765359e19ee074a950ab19f9f20
SHA512 3d5e42f3c9321873534b62fdf1a2daba3b86b14a91e73d488f71ef121ba4c9709e75f782496095097452ffdb0b209db8d7a9b323b9506db8548eb0baa84dd6d2

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe

MD5 0ef9edc509096c96ca9e7c5a46e1aebc
SHA1 6bf41873594bf97c5e6e25f4545bea82b0b50a3b
SHA256 c31dc86665ec4718ef06733b113e9fed3e0a2ab2f8bcb27549ca4ff997df1bc6
SHA512 b6f39aa8c5361685c0367cf16d741fb587b1bf6c229c4f1f4a62de1736d079280f9f77b8e308670672c4500aba1889b2ad5d131cb9073a780548da774c2c321e

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe

MD5 0ef9edc509096c96ca9e7c5a46e1aebc
SHA1 6bf41873594bf97c5e6e25f4545bea82b0b50a3b
SHA256 c31dc86665ec4718ef06733b113e9fed3e0a2ab2f8bcb27549ca4ff997df1bc6
SHA512 b6f39aa8c5361685c0367cf16d741fb587b1bf6c229c4f1f4a62de1736d079280f9f77b8e308670672c4500aba1889b2ad5d131cb9073a780548da774c2c321e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe

MD5 53e53441ccf57c4514c76a1e6edd03e1
SHA1 332f92ef37ddb9572426ceefd0102e85ddfebf5d
SHA256 eb293f0994af49eb78b6c5e7f76db249e92ec1d7cfa2d917dcfe14a379d09e02
SHA512 37ab83beeebc5fc38cba8c158e6ca7b743cb10c017ab5b72bb7189bf12f72818106b835749228bf897ebbe47effb853140cc1e8018b7d79e71add01def3956b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_796_KEXHGDVLRINVDWSC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_1588_DPBSBBCALUXDETNN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1448_UHPYYATXJQQJEYBU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe

MD5 53e53441ccf57c4514c76a1e6edd03e1
SHA1 332f92ef37ddb9572426ceefd0102e85ddfebf5d
SHA256 eb293f0994af49eb78b6c5e7f76db249e92ec1d7cfa2d917dcfe14a379d09e02
SHA512 37ab83beeebc5fc38cba8c158e6ca7b743cb10c017ab5b72bb7189bf12f72818106b835749228bf897ebbe47effb853140cc1e8018b7d79e71add01def3956b0

\??\pipe\LOCAL\crashpad_3020_JVZMKWNCRZXHZBUA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2456_NDSSGPUPHNWWNVKM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1832_DYPLBUOILJUCOQLY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_4876_LKRBDXOAIEFQNMIS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 80e6d5a8a76be326bc6a377d710a3a3a
SHA1 d0436c4452a95c31ba2c348f579f06667815c090
SHA256 e2da29faabb16450733436a9f07274d3fbe4460450a5653db87d28799767b303
SHA512 b6873ba53e76c75d8bc0b87fd84943d4edb1535137fe062c0a6e0aa0161bfb3d2036c702bb19e2f5c23bb9b8ca571789ba0c0efb6a7f1260a14026b86aa2ed57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7d01cbecbf90c519bbe619c570c86f36
SHA1 28384185c10f3d1beb2ea7f5040bf54faf8438f9
SHA256 f25b16f135d2415f434fe2ea5f352425236ca9e097b4c24d43cb45859c7b3ecf
SHA512 26401c338051083b8e16b3eaece650f62fdb36eeeeeff95cdc15cda7914149f32f3a18e7f6208e0bec4022a56457cc8dd24204acf0e1eafccdb7102bf54fbbd3

\??\pipe\LOCAL\crashpad_1320_KQCXFMMMBOBUUFOJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6ea56cb76fa676c4a40fa590b63daa4f
SHA1 fea7248990f73e2fa67141d6332c03cbcf51d1f2
SHA256 1caba7d81019ed1be7733ebe5af2d4bbd47f7d16ad9de53f6d316173250071e2
SHA512 943deabb6e506ea57311a31109aef602891886d6c3995df3e1a715a94b6c2d4c816b10f4217acccfbc8006df8700f50e9a3138b203172e9f476d59220e8d1de6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6ea56cb76fa676c4a40fa590b63daa4f
SHA1 fea7248990f73e2fa67141d6332c03cbcf51d1f2
SHA256 1caba7d81019ed1be7733ebe5af2d4bbd47f7d16ad9de53f6d316173250071e2
SHA512 943deabb6e506ea57311a31109aef602891886d6c3995df3e1a715a94b6c2d4c816b10f4217acccfbc8006df8700f50e9a3138b203172e9f476d59220e8d1de6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c9b8f10fe509a81b1df667dfddbb2fe5
SHA1 141dba681da093c0ab1025a5ec4b2df5064b1a56
SHA256 932dfc9f17608177adbe6db94cce474f586a41d4aac75e0661fdc9814446266c
SHA512 a82ff128022d4c76198fecbc2379a26566355908e8df9fe1c265acbf793764cdb69bbecdb7cb69a817870d468f3a324e0e37ff9d1156643b84d33e89be3efb11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7f0806ad-10b3-4e1a-a6a3-696cc878b7f5.tmp

MD5 5b23d2c0d41452f983cdcdce078e941f
SHA1 449e91dc08e117b96beba447cb5889accc6e8ab5
SHA256 2cd254068cf5f6ffaa46480911a73ee117e047bcfce78bc4094b9d83abf01234
SHA512 6f7de32b5448a3363cc4870591278bf145bf2c0535a640c13b1ab8cce43a24c25a7f3106270112984c036b26c4e4b033b8f24b86ec0e2a8b7e377214585abb78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c9b8f10fe509a81b1df667dfddbb2fe5
SHA1 141dba681da093c0ab1025a5ec4b2df5064b1a56
SHA256 932dfc9f17608177adbe6db94cce474f586a41d4aac75e0661fdc9814446266c
SHA512 a82ff128022d4c76198fecbc2379a26566355908e8df9fe1c265acbf793764cdb69bbecdb7cb69a817870d468f3a324e0e37ff9d1156643b84d33e89be3efb11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3024b9b9f6d86e09515096048cd8bb8b
SHA1 c1f896c81a87d2bac007542596696bf8fdce4f49
SHA256 21bc818263d38dee27fa12dda44b5c7b087a64d7063fa34fd6af51bf08dc6282
SHA512 f823766a80bca42b99a22b7f608a77725e7d699735d3511697dcbfb0ac3157b83ad29623e4c05d37bc1cc0777af218913a91b013ea83e77887fd20f46ad8aab5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3024b9b9f6d86e09515096048cd8bb8b
SHA1 c1f896c81a87d2bac007542596696bf8fdce4f49
SHA256 21bc818263d38dee27fa12dda44b5c7b087a64d7063fa34fd6af51bf08dc6282
SHA512 f823766a80bca42b99a22b7f608a77725e7d699735d3511697dcbfb0ac3157b83ad29623e4c05d37bc1cc0777af218913a91b013ea83e77887fd20f46ad8aab5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3e854040534792cad3b0187c095e8b57
SHA1 0d139f081ebde203371ba05846eb04b180d4bf08
SHA256 25f7dbd377e59ee91a03ff9e4bab02a54915f94f85a0c0fe6bfc16ed49c67036
SHA512 216a96ee6420eecf674b6c336cbb48275a88571f597961ad52682c23960a339d5edd6d7dc0b3609151960a128c6d861356815303d764cc4f4132c302a8a6b45b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3e854040534792cad3b0187c095e8b57
SHA1 0d139f081ebde203371ba05846eb04b180d4bf08
SHA256 25f7dbd377e59ee91a03ff9e4bab02a54915f94f85a0c0fe6bfc16ed49c67036
SHA512 216a96ee6420eecf674b6c336cbb48275a88571f597961ad52682c23960a339d5edd6d7dc0b3609151960a128c6d861356815303d764cc4f4132c302a8a6b45b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 80e6d5a8a76be326bc6a377d710a3a3a
SHA1 d0436c4452a95c31ba2c348f579f06667815c090
SHA256 e2da29faabb16450733436a9f07274d3fbe4460450a5653db87d28799767b303
SHA512 b6873ba53e76c75d8bc0b87fd84943d4edb1535137fe062c0a6e0aa0161bfb3d2036c702bb19e2f5c23bb9b8ca571789ba0c0efb6a7f1260a14026b86aa2ed57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7d01cbecbf90c519bbe619c570c86f36
SHA1 28384185c10f3d1beb2ea7f5040bf54faf8438f9
SHA256 f25b16f135d2415f434fe2ea5f352425236ca9e097b4c24d43cb45859c7b3ecf
SHA512 26401c338051083b8e16b3eaece650f62fdb36eeeeeff95cdc15cda7914149f32f3a18e7f6208e0bec4022a56457cc8dd24204acf0e1eafccdb7102bf54fbbd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 80e6d5a8a76be326bc6a377d710a3a3a
SHA1 d0436c4452a95c31ba2c348f579f06667815c090
SHA256 e2da29faabb16450733436a9f07274d3fbe4460450a5653db87d28799767b303
SHA512 b6873ba53e76c75d8bc0b87fd84943d4edb1535137fe062c0a6e0aa0161bfb3d2036c702bb19e2f5c23bb9b8ca571789ba0c0efb6a7f1260a14026b86aa2ed57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3e854040534792cad3b0187c095e8b57
SHA1 0d139f081ebde203371ba05846eb04b180d4bf08
SHA256 25f7dbd377e59ee91a03ff9e4bab02a54915f94f85a0c0fe6bfc16ed49c67036
SHA512 216a96ee6420eecf674b6c336cbb48275a88571f597961ad52682c23960a339d5edd6d7dc0b3609151960a128c6d861356815303d764cc4f4132c302a8a6b45b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c9b8f10fe509a81b1df667dfddbb2fe5
SHA1 141dba681da093c0ab1025a5ec4b2df5064b1a56
SHA256 932dfc9f17608177adbe6db94cce474f586a41d4aac75e0661fdc9814446266c
SHA512 a82ff128022d4c76198fecbc2379a26566355908e8df9fe1c265acbf793764cdb69bbecdb7cb69a817870d468f3a324e0e37ff9d1156643b84d33e89be3efb11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5b23d2c0d41452f983cdcdce078e941f
SHA1 449e91dc08e117b96beba447cb5889accc6e8ab5
SHA256 2cd254068cf5f6ffaa46480911a73ee117e047bcfce78bc4094b9d83abf01234
SHA512 6f7de32b5448a3363cc4870591278bf145bf2c0535a640c13b1ab8cce43a24c25a7f3106270112984c036b26c4e4b033b8f24b86ec0e2a8b7e377214585abb78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3c038d39caa3d4ef04bcedab7d97babe
SHA1 af1f59ee451eec78c391769e7a1f91a02bdffdf1
SHA256 583947162e6c29f61e2d0bd0b999ab16a2697715deb650ca7b48aca0e7e84628
SHA512 eb330fc2fc28e5468b83d0c810057e7ebe833e6d52649d15155b4b353ba3ccb5a6069f93ba8321de9fae0693631559bbeb5a227cb1ed5796c23ed928c45c948f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3c038d39caa3d4ef04bcedab7d97babe
SHA1 af1f59ee451eec78c391769e7a1f91a02bdffdf1
SHA256 583947162e6c29f61e2d0bd0b999ab16a2697715deb650ca7b48aca0e7e84628
SHA512 eb330fc2fc28e5468b83d0c810057e7ebe833e6d52649d15155b4b353ba3ccb5a6069f93ba8321de9fae0693631559bbeb5a227cb1ed5796c23ed928c45c948f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5b23d2c0d41452f983cdcdce078e941f
SHA1 449e91dc08e117b96beba447cb5889accc6e8ab5
SHA256 2cd254068cf5f6ffaa46480911a73ee117e047bcfce78bc4094b9d83abf01234
SHA512 6f7de32b5448a3363cc4870591278bf145bf2c0535a640c13b1ab8cce43a24c25a7f3106270112984c036b26c4e4b033b8f24b86ec0e2a8b7e377214585abb78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7d01cbecbf90c519bbe619c570c86f36
SHA1 28384185c10f3d1beb2ea7f5040bf54faf8438f9
SHA256 f25b16f135d2415f434fe2ea5f352425236ca9e097b4c24d43cb45859c7b3ecf
SHA512 26401c338051083b8e16b3eaece650f62fdb36eeeeeff95cdc15cda7914149f32f3a18e7f6208e0bec4022a56457cc8dd24204acf0e1eafccdb7102bf54fbbd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a2d851d2-03b5-48ef-9faa-3456a324f277.tmp

MD5 b04a372385b4fba0362e094fa9070231
SHA1 af2c133eedfcfd85f19f640343e0e882b5f54d76
SHA256 85a96074bb95cb8699b6fa3cc2cfb83cdaba3ede7e2d7ab7cd32f28077e4c99c
SHA512 17e16256cd772c57f4c9e69134712e28eafad1c8318a8c9c8d7ff6456dcf50a6377741f4bb692379538276c087944ee3ad96b8600c78257711bdba9067d77c63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/8140-303-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8140-307-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8140-306-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8140-309-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f07014dd5fe7c659ecb98fac1c732000
SHA1 30385304a5ec64e3d405f95b2f4e0cb53c217a02
SHA256 5afb9ff969d0f8d70876da7f23e0c703729b3f96176bb46e9e446e0a70574e13
SHA512 3ebfe4c31d3c3780d364c8bc12e466120351e29195c4d98a603c7f57f3ef990ea72e6cfe28513a75df45d024d31709da4f476c27aefbde6b00b8a6ab2fd3d961

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 7c7a884c27be53d355b4578a97955087
SHA1 9a340123c7ec6c33072281bca624d9e4d772c98c
SHA256 a14d1527c4249b23a04c91f94dc4eda45ce4b570c1105618e4cef02f1b46ba87
SHA512 256738439163501557d6985ab082d866436ef5a70e7a1d10dae308ba50ed818223510311c0f3ce6e37f5573e154e87eb88087aba2a775d9869ce46b17bcfc7c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e32470c1a381941aa7c90a90aeba2227
SHA1 938ae0f9b95aebe9e8819217b9b869bc17df3a68
SHA256 f973743d989648fb25be3b457392ecc6e71086242d1faa2d1f976b5da6a69d9e
SHA512 efbf6480017aa9172652854a9193bfac18ea1ead191903202ce14fe913a96f5edc586b57e895b079504a762678d07b813c5996e833d11eb49d6d8873aaaf2856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1f758e7103d394ddb8127474c441db39
SHA1 81dbd44d0f01f93759ef483e2c554d11b50c85a3
SHA256 c448ff34ddf10befed70df47aee1913b5a5b355b85816ee5a2148c2f7e498c0c
SHA512 864fe5c7d6ba5e276a050f3c52132c90fa5c806d46bb6b675cc95c7d1451cc19037ee0d4c569372cf3daa4192293cb1321623d6c5116e373d040b6bb474ebf95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4406feb16c9c62ff74a410bc4fa78aa2
SHA1 7a4dbcbe61e34e57f4662afedbbbfe672f96d86b
SHA256 55b85903406c6dcbfb49829731310329a20aa24c79666519c848f2bc333a1ed7
SHA512 63897465b6182c77df81bb2d5d428bc14fdad02d2015ac81b30101a750028ce92f67f7d58510246fe9eb98f37cd9aae53ee0c83ff71593d6e6cb4b38cf6efa24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a987ed1a2f3b84cd7d8641fe9781c047
SHA1 14399f0a2186cb623d284921446dcc797e41ca20
SHA256 f16cde5f04146840627168e66afa21b830d185d728f2ca8ac1acd2c4b78cf037
SHA512 c6d24b3b83ab0c45b3c9543158f6c48fed82c25591304e69fea48c5c82f0f7a8859a5b3968a6128103c253b233628f4b292809aec9f8398beee104c6097f8cd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e05436aebb117e9919978ca32bbcefd9
SHA1 97b2af055317952ce42308ea69b82301320eb962
SHA256 cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f
SHA512 11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 33b7ac277f7a35da2bf50a965e58c5f2
SHA1 7a30f4ba22035c6b9b132921d9ab4cde8cf86f97
SHA256 69b294494b758ec12758f2dda276d1b4aa320a0cef5f0c8f481d5c0cb3d1c77b
SHA512 17a268c2abe285902a7e9a3264b916e50563eb7492a2f57e4f15211dda1491f06e8487e1d265237a48367114cf1d08098f0743001be42f506bc3852df68140f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1f1e6590a09d963c2fe06b8a7b749501
SHA1 0717452af1b3f17b584163d154835fa9d03ce4cd
SHA256 6be0d387db82854dc81b20a26a3c2969c39a35c08b8a31c71fd45f55a6bac9ee
SHA512 fa751e173721be198db23c8f69c3c69d1d7efca3abec1ddbfaf9ddf5521518fca3c96556d229ee34fef74300761d0a5cecf13040b547127e3a370eb1b752b9ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b93a23241fe3a14b9720d3159cc87f89
SHA1 380a37144266953142b346b8f875f83e3c5ef440
SHA256 d645510f87f1e70ca7d704d867a4db77ef7350df2c0d1c26439c2b2e2836f6e9
SHA512 f9e3a2078bf5518d2bcf188a7f336fb9dfde2256612420745b261ce00f95883b4dc69affdb8f60f56cbe1d9e7fbef42f5d7185113aa6c9a3c1dd4f0442e85d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e35b4174ef66f2b9d25ad4517f97a1de
SHA1 b553d205cc291876cd5597330dcb6ce41cac171b
SHA256 e92881dd6a974b2c310abb8d41abbbf4b88c7036ec82876479df0c79c62b1041
SHA512 29bbfc7bec177abf00a973e57413e8f9e6e06826d45b434aaf286a275da7e55535408ba03a6196380b1a8e9bd5492b5fb8a97b4d798aea558f6242ec020a1f65

memory/4436-610-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7140-630-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7140-631-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7140-642-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7140-644-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f180edb800e9d8948d378d16a23c6e19
SHA1 a57c85fe26dd28b5150377b9c7726f9a3f3f1e74
SHA256 241131bd5f0d351713e4428bc48d9298c771a4b90e0fbee7fc64a404967bd5ce
SHA512 985f28f83a6a04b6e8ad049ba72270a900ecb0d2933916521b8286953347068750c8e7b4335d0a4ef6b5a9f039e412e7c169a724c9981513b5655825b5240528

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe599aee.TMP

MD5 44a1285da06fc80a88a38fa6eb4eba94
SHA1 5a8195700d73f2a36678d2e071d3e82acd31a162
SHA256 53c79d278b5633e5970673c156a0d1df9f09a71717d5ab2486ad73fd46519760
SHA512 4b9e429466f8729735294fc85e90b2cef83e3d5989f24d4485ceae4dba4a9af7bec143a3f47f40aff24a6719309bad18fbb5a7b0ddc0c087060f0662f205dea6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bc1f44643fdc65f733a92a01c59e3dad
SHA1 9d9e40ea2d936cb4bb2a6a0e5e0060be79664c66
SHA256 60583ccb0626d7aaa4b69efb226650f8828bcabeca5c94777969e4e1d6a4eaf2
SHA512 e001f79f7efd24351ebed5e061dad09b2eff758bbc28e6f369ca139360b7ffba97348b6fa75f42f0cd3ef2e677a035ce401bddaff4c396e3761ed741234850d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59a7df.TMP

MD5 bef38a8bfb51ea7a392a654337e8568d
SHA1 359ad8ba68801e152181683fa14070c78d316d95
SHA256 5ea6d9e7e414650866979607a632a76274e211c7a1417aa9c9d4d9f5cb4ffc1d
SHA512 214e84f3a429c1a9afbb86e89663f287ef4b0e5cc21c0c8fad11279f1a7143888fcbd359d65f68e72f5e28481afdaa0742879b844d5a4d4b11be979be7b4b8d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f97d75a5-8669-4c61-81a6-1358d8d87cdb\index-dir\the-real-index~RFe59b888.TMP

MD5 7790775a1ef0d329d9c2f7f6ecc0505a
SHA1 1475f06e193edf2738e2f81e00261938dcb1f565
SHA256 2d7eacc0fde0896a24657383758da82da9ae07b3e11258dd89e0dcea4543be95
SHA512 0550cf7b199f7b1786dba70768e4df7143dbc535f8d5f871d53618711b7f1d6c96099caa93e94d6895f492758a3937581bdc5b4de34c161f2a9b94bf85336882

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f97d75a5-8669-4c61-81a6-1358d8d87cdb\index-dir\the-real-index

MD5 73696a53139574a111c69ec618718f4b
SHA1 4c5fe8ce6856c967490a336954385fe8730483b1
SHA256 fbbed346ad2aaebbccab62b9fcafd3a9d7a5c8a7f4f3a04d20b38ae718a0392b
SHA512 d5335e316d616328a3f0e6e96b7a09fa8242bbad8f0486175edf20e9c686481cd15bc0e5a9d84cc8bc3f460a736923db54af13fd8a71bee66db4a979e6a167db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6183ee8a4bbd39692aea73233ab1fe24
SHA1 47bd823b6c0343439d3bf765339381b7fff177dd
SHA256 386ef6a57bffb76266adeb1ede733b8253ed5d3bc3dc8b60492a510fa697dfcc
SHA512 eb02ef33c6f3a8cbe49a7ad041eaf47d900f8e0399406b4eae1527de684bf98e50f9d2524ff8991e7a4d5fb375e98c2d27cc52e5f8ddc36a7ab00b9dfc65d781

memory/4436-816-0x0000000074420000-0x0000000074BD0000-memory.dmp

memory/4436-817-0x0000000007CC0000-0x0000000008264000-memory.dmp

memory/4436-880-0x00000000077F0000-0x0000000007882000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bac8532c69ef7883525810dd8c218adb
SHA1 540be0275aa0e80846471d50d919647d6e6cd12f
SHA256 7bf937f7c2b3667119f93080bbdfc57f06a27719efb9236535fca5c5cf7cde27
SHA512 fc16a6818355f745675e0279e7e18104d3a949d484deca49e3e09af6f21d1343453118fff548711dae965e2b68ce050b69972bef58c888b58ad5b19f14470775