Malware Analysis Report

2025-01-02 05:25

Sample ID 231111-jy64ladf47
Target 867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89
SHA256 867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89

Threat Level: Known bad

The file 867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

RedLine payload

RedLine

Detect Mystic stealer payload

Mystic

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 08:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 08:05

Reported

2023-11-11 08:09

Platform

win10v2004-20231025-en

Max time kernel

178s

Max time network

184s

Command Line

"C:\Users\Admin\AppData\Local\Temp\867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Br8NF83.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2816 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Br8NF83.exe
PID 2816 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Br8NF83.exe
PID 2816 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Br8NF83.exe
PID 3484 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Br8NF83.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe
PID 3484 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Br8NF83.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe
PID 3484 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Br8NF83.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe
PID 4484 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe
PID 4484 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe
PID 4484 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe
PID 4660 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 4756 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 4756 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 4752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 4752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3088 wrote to memory of 4292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3088 wrote to memory of 4292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1508 wrote to memory of 1072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1508 wrote to memory of 1072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1248 wrote to memory of 4824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1248 wrote to memory of 4824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4660 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2776 wrote to memory of 5336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2776 wrote to memory of 5336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4484 wrote to memory of 5412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4XA1pL3.exe
PID 4484 wrote to memory of 5412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4XA1pL3.exe
PID 4484 wrote to memory of 5412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4XA1pL3.exe
PID 3088 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3088 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 5704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 5704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3088 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 5704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3088 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 5704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3088 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 5704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3088 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3088 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89.exe

"C:\Users\Admin\AppData\Local\Temp\867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Br8NF83.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Br8NF83.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb6f6346f8,0x7ffb6f634708,0x7ffb6f634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb6f6346f8,0x7ffb6f634708,0x7ffb6f634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb6f6346f8,0x7ffb6f634708,0x7ffb6f634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb6f6346f8,0x7ffb6f634708,0x7ffb6f634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb6f6346f8,0x7ffb6f634708,0x7ffb6f634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb6f6346f8,0x7ffb6f634708,0x7ffb6f634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb6f6346f8,0x7ffb6f634708,0x7ffb6f634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb6f6346f8,0x7ffb6f634708,0x7ffb6f634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffb6f6346f8,0x7ffb6f634708,0x7ffb6f634718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb6f6346f8,0x7ffb6f634708,0x7ffb6f634718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4XA1pL3.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4XA1pL3.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4821253112368043201,4639885726334972474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4821253112368043201,4639885726334972474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,448237312263007331,14667308194775083920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,448237312263007331,14667308194775083920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,11000283879254145228,1438580686803445089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11000283879254145228,1438580686803445089,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,14358843219217781400,1736403185977359199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,6771203872456024990,1445338689856403073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11274888024847957000,5433189090718801523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,6771203872456024990,1445338689856403073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11274888024847957000,5433189090718801523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,1816814635327663845,6797981195054441189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,1816814635327663845,6797981195054441189,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,14165313795670928460,10899756995619363528,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,14358843219217781400,1736403185977359199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,14165313795670928460,10899756995619363528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14501922833128929138,14084252424085575292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14501922833128929138,14084252424085575292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Dh46sb.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Dh46sb.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6220 -ip 6220

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6tB091.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6tB091.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,16069743640784922461,12198476138467666271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 90.240.123.52.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 accounts.google.com udp
US 52.7.192.127:443 www.epicgames.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 127.192.7.52.in-addr.arpa udp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.23.214:443 i.ytimg.com tcp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
US 104.244.42.197:443 t.co tcp
US 93.184.220.70:443 pbs.twimg.com tcp
NL 199.232.148.158:443 video.twimg.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 73.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 rr1---sn-4g5edndk.googlevideo.com udp
DE 172.217.133.198:443 rr1---sn-4g5edndk.googlevideo.com tcp
DE 172.217.133.198:443 rr1---sn-4g5edndk.googlevideo.com tcp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 198.133.217.172.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 157.240.5.35:443 facebook.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
DE 172.217.133.198:443 rr1---sn-4g5edndk.googlevideo.com tcp
DE 172.217.133.198:443 rr1---sn-4g5edndk.googlevideo.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 152.199.21.141:443 abs.twimg.com tcp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
DE 172.217.133.198:443 rr1---sn-4g5edndk.googlevideo.com tcp
DE 172.217.133.198:443 rr1---sn-4g5edndk.googlevideo.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Br8NF83.exe

MD5 60a43f8310aaaf37b32ed32d660540df
SHA1 5296979c181889f3190a6cf0f80fcadfb96b7513
SHA256 20e74075f11701ae2fcfff224e878de50ec98631b5e88448b2e0cb0835cde65b
SHA512 3e4b72fefc8cb32fdc4dc40bdae2babbd7373497fdb7971e7e9f575c8352ab882fbc0020fb4c5e98669d8484d833af4d47283f6f5729361da51149b0b16dbad7

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Br8NF83.exe

MD5 60a43f8310aaaf37b32ed32d660540df
SHA1 5296979c181889f3190a6cf0f80fcadfb96b7513
SHA256 20e74075f11701ae2fcfff224e878de50ec98631b5e88448b2e0cb0835cde65b
SHA512 3e4b72fefc8cb32fdc4dc40bdae2babbd7373497fdb7971e7e9f575c8352ab882fbc0020fb4c5e98669d8484d833af4d47283f6f5729361da51149b0b16dbad7

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe

MD5 da4fc0d2888859d9464f3cad1cadbb18
SHA1 f59c113a4c739ba59ec034846f24c5f3b82c54d4
SHA256 14883d8d854101dbf2c5f01e6554001c8521609639ec57fd9b67f3834007cad2
SHA512 b6b3ff4e1763b7be952dfb6f34bafd3d778ba7cfde6ecb6cea19da25f54edd3bdeeb76e8c6d2b4d2f9bf44794d3d262b2c7ba7d9340932a38bc3b30db711c29d

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zv2On47.exe

MD5 da4fc0d2888859d9464f3cad1cadbb18
SHA1 f59c113a4c739ba59ec034846f24c5f3b82c54d4
SHA256 14883d8d854101dbf2c5f01e6554001c8521609639ec57fd9b67f3834007cad2
SHA512 b6b3ff4e1763b7be952dfb6f34bafd3d778ba7cfde6ecb6cea19da25f54edd3bdeeb76e8c6d2b4d2f9bf44794d3d262b2c7ba7d9340932a38bc3b30db711c29d

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe

MD5 bd497d6bc9b25de26a1fd9c4f6a71146
SHA1 e557a28c967c8dadc9630740aa168342aa659794
SHA256 992798735f1034cbdd159216e62b82efc0c79de01b7e2200596d9b8c9c188187
SHA512 7f891784c9c252d15c59d03652f39df6aeae0d2d3e5871c863c3ec17ab4b98063e237d3c3a81a2c4ea254962882d02257ede956cb0fe800a409609db07259aeb

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3UB307ZY.exe

MD5 bd497d6bc9b25de26a1fd9c4f6a71146
SHA1 e557a28c967c8dadc9630740aa168342aa659794
SHA256 992798735f1034cbdd159216e62b82efc0c79de01b7e2200596d9b8c9c188187
SHA512 7f891784c9c252d15c59d03652f39df6aeae0d2d3e5871c863c3ec17ab4b98063e237d3c3a81a2c4ea254962882d02257ede956cb0fe800a409609db07259aeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4XA1pL3.exe

MD5 bf5046138501f1a93d0a676c89f07eb8
SHA1 e2fde9a2a5c99718b4640f116c6e13b35f01d991
SHA256 a929aa73c357fdd529f7697fa0f9a2d9c436dd0319acc85032f83863dcdfae02
SHA512 b6e2c92f6abb31e924c921c369845db8e61d699a8308cb6d20cff8dc856b1749965bf1a676ce645eede8825923ebfd7d29202a83b6eee042712e4657514743c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4XA1pL3.exe

MD5 bf5046138501f1a93d0a676c89f07eb8
SHA1 e2fde9a2a5c99718b4640f116c6e13b35f01d991
SHA256 a929aa73c357fdd529f7697fa0f9a2d9c436dd0319acc85032f83863dcdfae02
SHA512 b6e2c92f6abb31e924c921c369845db8e61d699a8308cb6d20cff8dc856b1749965bf1a676ce645eede8825923ebfd7d29202a83b6eee042712e4657514743c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_4848_IDWTWAURFNBNSFTL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_568_BJBSCHNZZYWEUYPB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2128_WONYPJAZZGKFGGRR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3088_ABHQHRKPSXVUKRVE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1248_GQCMKXXCIUVGTYYL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_112_EMRFBPAEBVGTOPWX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1508_JTUJWKBEWDXFLKNT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2092_ZRWWZXLZSJQCLQGX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4652_XNWVQKWRDENJUPWS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 25a2f573771f304b5cfcac11e655df47
SHA1 ac068c2203f75d3f8972da5c67baa6d08928db8a
SHA256 53326f815639261a10ce04d47c5be9f947c2b39a2f81f2b9ffa30bd08fe2186b
SHA512 f3acb7ae981f29897064ff8bd5af9ef06c43ed7d94fb2debbab42a285b4e850b413338bd9b0f3a7a625919b2cca9ff064b1d68567d7e31598aaa36a46ec5a471

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f1d136fb07bafdecaa5b1b37327d066d
SHA1 3e2679707a9207d21a709924e5661887643ec9db
SHA256 0bb5f5264e169e030735a485e195caed0b2086b7f312268ebddf7b7913b4865b
SHA512 7db133bb99d42992ddffcc234c1011f678b35af55b7b3de9337fec9ba9dab3aafb3a75140fa1db257719d359a72f745d1c682dea71a55822291b4540325f6459

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f1d136fb07bafdecaa5b1b37327d066d
SHA1 3e2679707a9207d21a709924e5661887643ec9db
SHA256 0bb5f5264e169e030735a485e195caed0b2086b7f312268ebddf7b7913b4865b
SHA512 7db133bb99d42992ddffcc234c1011f678b35af55b7b3de9337fec9ba9dab3aafb3a75140fa1db257719d359a72f745d1c682dea71a55822291b4540325f6459

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9240085c-1fa5-48eb-9b1f-bb1d803e361a.tmp

MD5 403e36a275afb990671634f958ea4d62
SHA1 5d78995fcac3ab9c60210bd8d3979194323ed30c
SHA256 ff60302fa492109e5415ba00382b8508a66986a39bcb69cc2430da9d1563e90e
SHA512 8d9df469f7e8d3f2781fd80f526472e8ddff6f984451125a65edafcb81d36f76449c54bb1b198db7d2520eb62be2e379baae787b77be309edc54110300e6fdb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0eddd664271b5f35dfcc433f114ae280
SHA1 9de1ba25df5b81b3a0534e0e43ca657b929e8279
SHA256 4c62251c2fe9de242db9f082de357de49153be84f056f5057516596bdfb0ec62
SHA512 1393de96678807360800d45a3fd9dc5bdb1f16cccf9a64c48140cf260afd952a5c77db535e9c6cdf816b987fb2fcefd78355da1e4da388aaa0d516799ccef5b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6f1330fede7f1869559c108a6e3d345b
SHA1 a6c59a216f92260ce33d4d0a31b875ee0b5fe7ac
SHA256 c67cd22e552331987d819ae9de41f73d44863dc17389d1219c2acec9fcfca7bf
SHA512 a87e33af992c455f9fb7a4c257b26eec533bc40c6b7a01425e1f2612b25d660cb8f2db79008598778f8b33aa40ce338468c63b4934673ccf61b796674a8f95b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b711f65a50b1c7c452b445179b132898
SHA1 b8190280657e0d8ff88ee14a4e4d2990d96d9d0d
SHA256 3d3e93c36058df5d7f12ede668a5d263574ab4760a98140f0fc05a1d8f6591e2
SHA512 8b177c5722aad91611258228b431cb6249119b1afbaf6a496a71ee0a543177a19d54a919db70c81fd4b98dbfdfedfcb48d1bae019c86853827d3dad5b8b0bf11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\034421be-3572-4d72-8ecc-a8a216260310.tmp

MD5 e7d0951b48be96002ad0180d90b6f992
SHA1 a7716bdaa1483f31febe8beeb63c89ddcf1033d8
SHA256 bc1d78cd144a860c5cacf48cb247fb6646a92aaeb87fd043e4b6292d7eaba560
SHA512 f68f043715b1046b396166e12e0ea5bbbf4ccfaa9ef07759abcedc3154f7540082eee76626a6c7e4b4e077ec80c6fb501e8bafa2dbe575cf4f9b50fd4d638dcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b711f65a50b1c7c452b445179b132898
SHA1 b8190280657e0d8ff88ee14a4e4d2990d96d9d0d
SHA256 3d3e93c36058df5d7f12ede668a5d263574ab4760a98140f0fc05a1d8f6591e2
SHA512 8b177c5722aad91611258228b431cb6249119b1afbaf6a496a71ee0a543177a19d54a919db70c81fd4b98dbfdfedfcb48d1bae019c86853827d3dad5b8b0bf11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6f1330fede7f1869559c108a6e3d345b
SHA1 a6c59a216f92260ce33d4d0a31b875ee0b5fe7ac
SHA256 c67cd22e552331987d819ae9de41f73d44863dc17389d1219c2acec9fcfca7bf
SHA512 a87e33af992c455f9fb7a4c257b26eec533bc40c6b7a01425e1f2612b25d660cb8f2db79008598778f8b33aa40ce338468c63b4934673ccf61b796674a8f95b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6f1330fede7f1869559c108a6e3d345b
SHA1 a6c59a216f92260ce33d4d0a31b875ee0b5fe7ac
SHA256 c67cd22e552331987d819ae9de41f73d44863dc17389d1219c2acec9fcfca7bf
SHA512 a87e33af992c455f9fb7a4c257b26eec533bc40c6b7a01425e1f2612b25d660cb8f2db79008598778f8b33aa40ce338468c63b4934673ccf61b796674a8f95b0

\??\pipe\LOCAL\crashpad_2776_LWAIYDGCAWMVXSIJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 706fae867ea37fb2da8fb3b24f32d1db
SHA1 13f7edc318267549664f68f9bf7b7be7c1046ae1
SHA256 ded937b44980f6e898b741a6556d0c2f1f059c325fc291bf1ac373657a344490
SHA512 da1cea7488af76d930e0eec039c646779b0b6c4bbe00d6a9a729b713e7061b84e83056c91762b79dfcc9a599035e9b369b045fc59c8b0a7dfd83c2e7f709b486

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0591ac4a-c515-46df-b96e-7d52d7980fd7.tmp

MD5 0eddd664271b5f35dfcc433f114ae280
SHA1 9de1ba25df5b81b3a0534e0e43ca657b929e8279
SHA256 4c62251c2fe9de242db9f082de357de49153be84f056f5057516596bdfb0ec62
SHA512 1393de96678807360800d45a3fd9dc5bdb1f16cccf9a64c48140cf260afd952a5c77db535e9c6cdf816b987fb2fcefd78355da1e4da388aaa0d516799ccef5b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 706fae867ea37fb2da8fb3b24f32d1db
SHA1 13f7edc318267549664f68f9bf7b7be7c1046ae1
SHA256 ded937b44980f6e898b741a6556d0c2f1f059c325fc291bf1ac373657a344490
SHA512 da1cea7488af76d930e0eec039c646779b0b6c4bbe00d6a9a729b713e7061b84e83056c91762b79dfcc9a599035e9b369b045fc59c8b0a7dfd83c2e7f709b486

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 25a2f573771f304b5cfcac11e655df47
SHA1 ac068c2203f75d3f8972da5c67baa6d08928db8a
SHA256 53326f815639261a10ce04d47c5be9f947c2b39a2f81f2b9ffa30bd08fe2186b
SHA512 f3acb7ae981f29897064ff8bd5af9ef06c43ed7d94fb2debbab42a285b4e850b413338bd9b0f3a7a625919b2cca9ff064b1d68567d7e31598aaa36a46ec5a471

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e7d0951b48be96002ad0180d90b6f992
SHA1 a7716bdaa1483f31febe8beeb63c89ddcf1033d8
SHA256 bc1d78cd144a860c5cacf48cb247fb6646a92aaeb87fd043e4b6292d7eaba560
SHA512 f68f043715b1046b396166e12e0ea5bbbf4ccfaa9ef07759abcedc3154f7540082eee76626a6c7e4b4e077ec80c6fb501e8bafa2dbe575cf4f9b50fd4d638dcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 06c0a12c29321fe06ebbbc803423d079
SHA1 782be80bbd390f2be3703dd36b46dd68e465ccd9
SHA256 982edb93eb254a9f8ba4ffcaecc8c02541fc7ebead27d4e48f2e4abb87aed1ac
SHA512 e5c562023c529826657fd2bf09a788842cf544ea42ed043d64edd38c56cea9d6ce2bdab7a77f5ac7a2d50a9ec70716e1021b50a5fe2745fd6d1ee3f11745a8ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 06c0a12c29321fe06ebbbc803423d079
SHA1 782be80bbd390f2be3703dd36b46dd68e465ccd9
SHA256 982edb93eb254a9f8ba4ffcaecc8c02541fc7ebead27d4e48f2e4abb87aed1ac
SHA512 e5c562023c529826657fd2bf09a788842cf544ea42ed043d64edd38c56cea9d6ce2bdab7a77f5ac7a2d50a9ec70716e1021b50a5fe2745fd6d1ee3f11745a8ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 403e36a275afb990671634f958ea4d62
SHA1 5d78995fcac3ab9c60210bd8d3979194323ed30c
SHA256 ff60302fa492109e5415ba00382b8508a66986a39bcb69cc2430da9d1563e90e
SHA512 8d9df469f7e8d3f2781fd80f526472e8ddff6f984451125a65edafcb81d36f76449c54bb1b198db7d2520eb62be2e379baae787b77be309edc54110300e6fdb2

memory/6220-330-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6220-332-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6220-333-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6220-335-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 685f34829a6c6d374dc6afa388d454f9
SHA1 6c62104e8cfa4f9359206b56ee3f7444b351aaf3
SHA256 0aff50672442bb011fa2be1bab06d383a30459935c4858a6592d50003b710471
SHA512 b551414975a897f53f673091b689e7496e6250566a1a3606ff2a89f8f0af3cb5228e07f800c50accad95cb3a3883d7d27825d9f7ff948ba35543bad1a950dfe5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 edf8b00133dc4753703b83901838975c
SHA1 42b1c9df3f93fa01f250e042397c8fa5004a141b
SHA256 c62409742b644ecfa926489e1e09e39e9dfc7a8be30254d195a67a5baec2e2c8
SHA512 5062bea5b6975f7e019d13a98d0fe3a9442a7917003680cc945eca49015dd539add909dcfe0fac0b5e18173d1eddcd01219fea1f94dd152465b5cea63c83d484

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4d4e80a671dc9a680178a261cf255246
SHA1 2cfdfa3c0ba448da13f449b5dd9effa57ad58023
SHA256 6b99ccb319f1fd3006dde6020831847695c7076e417c18bac6fc3c58bf467d23
SHA512 d4311436ceb48c698ee8755f5bcc8c44202efd995f406c2db95ac1cb50b454d9fd732d9d8b6f31c334ec0589a08923106f2658d5024a338d34b30b66a6572b39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 00d09bdf5eb97d64ebbf27b80c6f6bfb
SHA1 10b9075b7f881fede4b6cb8b1763ccbd146a457f
SHA256 d840f937a7838f6e528e04eaa93a11b07dc4f82bb53bade7626c8ffd608efc21
SHA512 3895f462ba8db0ebfeacdaa6cd6d4b4a531a0b9e9b678f3a5d8e3797d7fa960288175474fe958e5b94e2ca24f32f9039d2cebb235cf5ee9da5604b82ea2de510

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/5736-602-0x0000000000400000-0x000000000043C000-memory.dmp

memory/5736-632-0x0000000074BC0000-0x0000000075370000-memory.dmp

memory/5736-633-0x0000000007EC0000-0x0000000008464000-memory.dmp

memory/5736-636-0x00000000079B0000-0x0000000007A42000-memory.dmp

memory/5736-637-0x0000000007950000-0x0000000007960000-memory.dmp

memory/5736-638-0x0000000007990000-0x000000000799A000-memory.dmp

memory/5736-639-0x0000000008A90000-0x00000000090A8000-memory.dmp

memory/5736-640-0x0000000007CF0000-0x0000000007DFA000-memory.dmp

memory/5736-641-0x0000000007C00000-0x0000000007C12000-memory.dmp

memory/5736-642-0x0000000007C60000-0x0000000007C9C000-memory.dmp

memory/5736-657-0x0000000007CA0000-0x0000000007CEC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c8ace48226c708696a2d81e27270525a
SHA1 7ccf59d8edc6779176b68adef121fda19c86e39b
SHA256 753d54cd19064fe5cd3fe533c10bb46e080d8aad7a4f092c90d9a2e3d8b07a64
SHA512 d30e6a9c04f12a5e4beb3e72b65bc630543859b985ade1318bf89abd5498c151d38b30cad99ae197b2293dc73db65531caa8308d9c7ac8c5922b3d8690d316f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5956a2.TMP

MD5 6e91e54f6e4763041331a5f749dc4a07
SHA1 4939468cffc3d59f0e877d46330bb1f4a3c08574
SHA256 2893f6c940c790fca6ee7b1f6c324586003f91a54701dd9ccea73311c2777d04
SHA512 dd565789e9ae960ec101c94f1cf28156d0c98d4193c9989e31dea6a485e25cea72477ada15ac683f5321451b94bb64dd14ab2b6a381796ad06ca85e0f23e716d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cd5292ff-a38a-499d-aca5-6b6e9737f0ff.tmp

MD5 6f9fe596410cb57afeaeecb96c10893a
SHA1 8b76a597a92d909fb14f318fe6527f0c3eea3c32
SHA256 e9902a7e3d4f83fe31c0200d7e40fd545dc32218d8cbf2d7aa8fbe23b4723187
SHA512 ddd9e966c49f6120c8355cf6ddf974224807b84a50ed61a97f3d982e07571380b417714c30e3789452beb11036460f3844e4f3bd251c83d68db394fa35079507

memory/6920-706-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b2718b8ec5bfb0ea3e68a04734b9a40b
SHA1 9bbbead3a7cce859b85a8073d4f5f07154271074
SHA256 b9ff529828fcf7477d9d33bb722ff81dd2ba971b300b45d3da77988109a24668
SHA512 59a9bb0430d8adb538993e9017f2867ddcbd99863ea5ed1e654cb7907fb9d3b958df94f359ee428de97f9788a4b7ea53f169596f230a6762f6f3a5024bef058d

memory/6920-756-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 45fcf2dc448e13cc38f62810ec383d2f
SHA1 2f20aac0f639bf0b29442b9f7cae8b9bb52a37eb
SHA256 083c5866b0507916629036a29ef8ea832dfd41507127efcc30ecefded1a82499
SHA512 9f9bdc7fce0481124200eeee898fc35b34653e4f8cd9dd510ba7d76eb4b2e3fc55730afd515dbc8837f103a012254645b70a76174a6ac8443470d795bf23bd6d

memory/6920-765-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6920-769-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c45d4b147d91f8f075f4a9758ccbf083
SHA1 fd20c59145155bab8f1a519e523addd8972f9607
SHA256 5aeeb7813b06ee2837c3882dad088e4636b1dae780d1bbfae8025f5afcf13800
SHA512 25293cf7ddf3beb2b29db3586a5f2617061fbc5a244937d37b0f83a30fccd366d2b655b1e7dce7b913e97f5368b2db54da82e263772e362e83ad3645e76c306f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fd8c4de348d5f7dfe86e9e3922537808
SHA1 e8d78287e79647b617863052d4c192ba8eb5df0e
SHA256 2da917d1675cd33e2d602174dca3c452b92b1ac048924896ca24debbc9b0d608
SHA512 3f21772104441a291d6def31330b043b3b897e97b515d7a17c392cf1251b4261f8a901912591b27709250210b369497c092695fdcd7619f34f421cfeec64cd42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a14e1.TMP

MD5 d3fce0a69153da0db93209300d155ce7
SHA1 59a4b3c84109d415b9ab5dabeacef9e44e906a05
SHA256 fce77c9551848179ecb2f677f9c19cbe8bdf92bb64edcc992d2ec503ff0265b2
SHA512 8132a816c97e24396476ac1a1d1f5fbb713057dc6107100da33c221f6ce808961e42119e80bf36aee82f2967f73144992162a525dc399e4e51b79bf702b1a29e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a6b8e0fc025bd21fe8b6a307ddd5007f
SHA1 51e67dfe72ba0ec736d3606430edec3f8e4ad815
SHA256 7e7400320175b8f6b7726f9964c2784c33e97f6e89b7c5a027f30750365b04f9
SHA512 d01e2f96fb5df3f9e3fa1fd594afe4b405de27fc12b77aa29c7997feddd7f4042e8cbe924d179164a6e3beece99339f0259c25bc9f0f246c4efe1ac7251bcf0c

memory/5736-843-0x0000000074BC0000-0x0000000075370000-memory.dmp

memory/5736-847-0x0000000007950000-0x0000000007960000-memory.dmp