Malware Analysis Report

2025-01-02 05:30

Sample ID 231111-k16fhscg6s
Target 66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b
SHA256 66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b

Threat Level: Known bad

The file 66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

RedLine payload

Detect Mystic stealer payload

Mystic

RedLine

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

AutoIT Executable

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 09:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 09:05

Reported

2023-11-11 09:07

Platform

win10v2004-20231020-en

Max time kernel

151s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MR7fM86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 816 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MR7fM86.exe
PID 816 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MR7fM86.exe
PID 816 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MR7fM86.exe
PID 4532 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MR7fM86.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe
PID 4532 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MR7fM86.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe
PID 4532 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MR7fM86.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe
PID 1972 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1552 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1552 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 4908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 4908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 3384 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 3384 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3384 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3384 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 3440 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 3440 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 3604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 3604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b.exe

"C:\Users\Admin\AppData\Local\Temp\66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MR7fM86.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MR7fM86.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x7c,0x16c,0x7ffdfe2c46f8,0x7ffdfe2c4708,0x7ffdfe2c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdfe2c46f8,0x7ffdfe2c4708,0x7ffdfe2c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdfe2c46f8,0x7ffdfe2c4708,0x7ffdfe2c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdfe2c46f8,0x7ffdfe2c4708,0x7ffdfe2c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdfe2c46f8,0x7ffdfe2c4708,0x7ffdfe2c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdfe2c46f8,0x7ffdfe2c4708,0x7ffdfe2c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2045167077063577780,17892878689976929966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2045167077063577780,17892878689976929966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdfe2c46f8,0x7ffdfe2c4708,0x7ffdfe2c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,15229400005845709854,16294634921505785936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,15229400005845709854,16294634921505785936,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,2792262226507513178,6540383422498846374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,2792262226507513178,6540383422498846374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2486963151198595181,8810104382236330174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdfe2c46f8,0x7ffdfe2c4708,0x7ffdfe2c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x13c,0x174,0x7ffdfe2c46f8,0x7ffdfe2c4708,0x7ffdfe2c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,4615527682614427425,18171775695978436036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdfe2c46f8,0x7ffdfe2c4708,0x7ffdfe2c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2bV0551.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2bV0551.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7716 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Yi94dA.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Yi94dA.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 7236 -ip 7236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,14228743556621830031,4873104471294405378,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1356 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 store.steampowered.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.epicgames.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 52.7.192.127:443 www.epicgames.com tcp
US 8.8.8.8:53 twitter.com udp
US 52.7.192.127:443 www.epicgames.com tcp
US 104.244.42.1:443 twitter.com tcp
US 104.244.42.1:443 twitter.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 127.192.7.52.in-addr.arpa udp
US 8.8.8.8:53 1.42.244.104.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 192.229.233.50:443 pbs.twimg.com tcp
NL 199.232.148.158:443 video.twimg.com tcp
US 104.244.42.133:443 t.co tcp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.150:443 i.ytimg.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 150.179.250.142.in-addr.arpa udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 fbsbx.com udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 8.8.8.8:53 b.stats.paypal.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 151.101.1.35:443 t.paypal.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 c6.paypal.com udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 88.16.208.104.in-addr.arpa udp
RU 5.42.92.51:19057 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MR7fM86.exe

MD5 89d12496574671d9abdcc672b42e6058
SHA1 3422d108a1933cf38def7fcd86bd35a5a1e2cddc
SHA256 af567097fb220400dc3788e13e1a6437d7692dd2c3ebe9e5be7a5775a236a12b
SHA512 e96c61b1bcd1321eb13d4a453c973d3834083fa69d1d8096961727047bd49bab82664cbdbb25018e3d002867797d242f4b45160a0c12f378917d755ee0e405bf

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MR7fM86.exe

MD5 89d12496574671d9abdcc672b42e6058
SHA1 3422d108a1933cf38def7fcd86bd35a5a1e2cddc
SHA256 af567097fb220400dc3788e13e1a6437d7692dd2c3ebe9e5be7a5775a236a12b
SHA512 e96c61b1bcd1321eb13d4a453c973d3834083fa69d1d8096961727047bd49bab82664cbdbb25018e3d002867797d242f4b45160a0c12f378917d755ee0e405bf

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe

MD5 da5f7375ce2e51fec63b573da6ba2596
SHA1 eee8ff9fe93fda037b277f32b9796f8140adad37
SHA256 53928f39a026e92a5d7b2e54f3a93d4bb85bd75b636c7e1bf69d5c7d70a22ae0
SHA512 efe65451ed105477ff8d2ad9b461e1f8d32f050a0f5a43d8eb6aae5703c8afded389b3601a9f2911ff1a427c8599b788ddde23ccb9665fea2b137350fd42e1d7

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Ny08uJ9.exe

MD5 da5f7375ce2e51fec63b573da6ba2596
SHA1 eee8ff9fe93fda037b277f32b9796f8140adad37
SHA256 53928f39a026e92a5d7b2e54f3a93d4bb85bd75b636c7e1bf69d5c7d70a22ae0
SHA512 efe65451ed105477ff8d2ad9b461e1f8d32f050a0f5a43d8eb6aae5703c8afded389b3601a9f2911ff1a427c8599b788ddde23ccb9665fea2b137350fd42e1d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_4456_AMEKYQIXIXAYBOSH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_4640_UZPDOSVIKDWLJTXU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_2068_PHBHLRUQDMGBQSHC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1552_ULZEFQJTIWNTEYSI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 83d88377e072745e9e1d809eb54b3135
SHA1 1044197c082b43347a5348cdf4cdf8dc8c96aea7
SHA256 0af506e4895f3ba31b0606c8cfa1203c23ff6c5ca7328d823b39db27d254b57b
SHA512 d1d07d8d1f849d627cad3ae84e1706f69a634829f23ae3097c7414be8b438a59f0c59a45f3f43507e3bb2e2cb9ae06f99da395745bb6d0ad5b7efcedbafd849a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ae3c9d55a596c5bdac356d93f03a940
SHA1 89cbd16e0c7834f97ce861ccf224375495a22d05
SHA256 8b1a772b3e06d8c674c5f0aa319cff7db6672490a4b65582ec5dda2753b9103d
SHA512 955ccdd1bc9a89879adf31d3542c6dda806a238ed6cb8f00ae3166c4d6c7c92f31f39a8e7bb6b3a7064d349546a4ac36297f6106b02a14eec1d1bd9ecabdd0fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f6dd78562a5bf08af54d20d3c1588179
SHA1 fbad66e0d22f463f64fb26425a87296ef6f6497c
SHA256 1d4f15c4e84a7d17ab3990aa6aac39b7caa4116cc9707c2d8ff2cb9225a7c52d
SHA512 fdc56d21fb5a0e8f16882e7d3609c5b867d0ef1055c61eb03341d8fc2c38d53982a80864dac2b286c2ab2936a6cc4fdae1c8cb512e386811662994bf493b323d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 181432eb6f5ba85c1c11f6f6aceea63b
SHA1 196b474dfbcf94bf63ed8965355046f17a2c0154
SHA256 bde94f2da17ce55d8747ccacf5054484393b057c77418aa4a044678211218c26
SHA512 d39001d88c828a17915e475da77ce5dec84cfa318c80782d60da8343ec25cee8c8eef1e0fad8e993147b497f18a873b31124febbcd6290bb90547e22bad0d93e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 771f0c9cd4e796e518e8c49b45f9072d
SHA1 e3d9b0d0b9d172abb7f6424ab46ef21bcab412b2
SHA256 aa26f4b0fba3070354e0ce473567426f549acd6f104b50f5c24e35752f62aa2a
SHA512 329ec6f99528784776e832e21193d9459d5ed18f063d8de50f0177b68f0768621f55b3ec042527ce22ab138ab7fa7b1750ad4967db062b0bee3ff70f31872c8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f6dd78562a5bf08af54d20d3c1588179
SHA1 fbad66e0d22f463f64fb26425a87296ef6f6497c
SHA256 1d4f15c4e84a7d17ab3990aa6aac39b7caa4116cc9707c2d8ff2cb9225a7c52d
SHA512 fdc56d21fb5a0e8f16882e7d3609c5b867d0ef1055c61eb03341d8fc2c38d53982a80864dac2b286c2ab2936a6cc4fdae1c8cb512e386811662994bf493b323d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 83d88377e072745e9e1d809eb54b3135
SHA1 1044197c082b43347a5348cdf4cdf8dc8c96aea7
SHA256 0af506e4895f3ba31b0606c8cfa1203c23ff6c5ca7328d823b39db27d254b57b
SHA512 d1d07d8d1f849d627cad3ae84e1706f69a634829f23ae3097c7414be8b438a59f0c59a45f3f43507e3bb2e2cb9ae06f99da395745bb6d0ad5b7efcedbafd849a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ae3c9d55a596c5bdac356d93f03a940
SHA1 89cbd16e0c7834f97ce861ccf224375495a22d05
SHA256 8b1a772b3e06d8c674c5f0aa319cff7db6672490a4b65582ec5dda2753b9103d
SHA512 955ccdd1bc9a89879adf31d3542c6dda806a238ed6cb8f00ae3166c4d6c7c92f31f39a8e7bb6b3a7064d349546a4ac36297f6106b02a14eec1d1bd9ecabdd0fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 83d88377e072745e9e1d809eb54b3135
SHA1 1044197c082b43347a5348cdf4cdf8dc8c96aea7
SHA256 0af506e4895f3ba31b0606c8cfa1203c23ff6c5ca7328d823b39db27d254b57b
SHA512 d1d07d8d1f849d627cad3ae84e1706f69a634829f23ae3097c7414be8b438a59f0c59a45f3f43507e3bb2e2cb9ae06f99da395745bb6d0ad5b7efcedbafd849a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cb1f4403-9168-4b58-8512-9a225359dd8a.tmp

MD5 ceceab060e3a19043fed65428f65c11f
SHA1 ded451f4653833d5ebbc8b3151929586a25813d8
SHA256 a22197aa6baea49e30f629413b77ed9f079e0263595431e564022bf8d6d7fe12
SHA512 a1960aec3a6d2532de1ac9d42d02d817b4568c4709c9c5fb8033a5bd01ff7aa1ed66d0dce4ceb440916c439ebc3559b48381d96205856758855e10cf75d2fb85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f6dd78562a5bf08af54d20d3c1588179
SHA1 fbad66e0d22f463f64fb26425a87296ef6f6497c
SHA256 1d4f15c4e84a7d17ab3990aa6aac39b7caa4116cc9707c2d8ff2cb9225a7c52d
SHA512 fdc56d21fb5a0e8f16882e7d3609c5b867d0ef1055c61eb03341d8fc2c38d53982a80864dac2b286c2ab2936a6cc4fdae1c8cb512e386811662994bf493b323d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 771f0c9cd4e796e518e8c49b45f9072d
SHA1 e3d9b0d0b9d172abb7f6424ab46ef21bcab412b2
SHA256 aa26f4b0fba3070354e0ce473567426f549acd6f104b50f5c24e35752f62aa2a
SHA512 329ec6f99528784776e832e21193d9459d5ed18f063d8de50f0177b68f0768621f55b3ec042527ce22ab138ab7fa7b1750ad4967db062b0bee3ff70f31872c8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ceceab060e3a19043fed65428f65c11f
SHA1 ded451f4653833d5ebbc8b3151929586a25813d8
SHA256 a22197aa6baea49e30f629413b77ed9f079e0263595431e564022bf8d6d7fe12
SHA512 a1960aec3a6d2532de1ac9d42d02d817b4568c4709c9c5fb8033a5bd01ff7aa1ed66d0dce4ceb440916c439ebc3559b48381d96205856758855e10cf75d2fb85

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2bV0551.exe

MD5 282465cb811ac438486718a3742468a4
SHA1 a16f9f0c7dc09f503d1dab05c7c330ca262ee6ec
SHA256 7ebfde5acfde866ce50d249768530ed8633999e87bb4b9e6af7398c68abe98f1
SHA512 15e4070de11588757ca7092319e47282349faf4601bdc53b8343c55cce7731f4ce60fb9474b8abb6507c69ddbbd185c21bbc573484edf5b45ae38cab7c72e93e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2bV0551.exe

MD5 282465cb811ac438486718a3742468a4
SHA1 a16f9f0c7dc09f503d1dab05c7c330ca262ee6ec
SHA256 7ebfde5acfde866ce50d249768530ed8633999e87bb4b9e6af7398c68abe98f1
SHA512 15e4070de11588757ca7092319e47282349faf4601bdc53b8343c55cce7731f4ce60fb9474b8abb6507c69ddbbd185c21bbc573484edf5b45ae38cab7c72e93e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ae3c9d55a596c5bdac356d93f03a940
SHA1 89cbd16e0c7834f97ce861ccf224375495a22d05
SHA256 8b1a772b3e06d8c674c5f0aa319cff7db6672490a4b65582ec5dda2753b9103d
SHA512 955ccdd1bc9a89879adf31d3542c6dda806a238ed6cb8f00ae3166c4d6c7c92f31f39a8e7bb6b3a7064d349546a4ac36297f6106b02a14eec1d1bd9ecabdd0fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 771f0c9cd4e796e518e8c49b45f9072d
SHA1 e3d9b0d0b9d172abb7f6424ab46ef21bcab412b2
SHA256 aa26f4b0fba3070354e0ce473567426f549acd6f104b50f5c24e35752f62aa2a
SHA512 329ec6f99528784776e832e21193d9459d5ed18f063d8de50f0177b68f0768621f55b3ec042527ce22ab138ab7fa7b1750ad4967db062b0bee3ff70f31872c8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 368ceccbf9fd145770d83baae55e19d6
SHA1 8b98f79c141cbcd5942e72cbbdf021f58b62f414
SHA256 41ecc44e60e85ac9efce20e9ce56ac32b3884c878234728ceb195109a8f31471
SHA512 7fefc64f513409459a75468a898aab039c8ef6020d9127c9b2d3ad8f8737e20f4dabe4365038bac6b34bc4f51fa40c85d143182d62d9705ad4df2f457a85d5c4

memory/7236-247-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Yi94dA.exe

MD5 28d072c3e03f39c936617dc6d94000f5
SHA1 f7a5324903fd8be099f1daf55948b12c841f37d9
SHA256 f409dfdbe841643ab470926ad4b87359418c56ec167867f11d660983e9c1d6d9
SHA512 a2cd83fff3950ec6ad6cb83a8e3d395b771ea3475aa6780b574548789601eac05201670f8b9b27ddcea12a915fca581adbf75a25e9a5eb795cb05482ffb0bf9a

memory/7236-250-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7236-251-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7236-253-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Yi94dA.exe

MD5 28d072c3e03f39c936617dc6d94000f5
SHA1 f7a5324903fd8be099f1daf55948b12c841f37d9
SHA256 f409dfdbe841643ab470926ad4b87359418c56ec167867f11d660983e9c1d6d9
SHA512 a2cd83fff3950ec6ad6cb83a8e3d395b771ea3475aa6780b574548789601eac05201670f8b9b27ddcea12a915fca581adbf75a25e9a5eb795cb05482ffb0bf9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c28503ff490404c7052d028e5ff398c2
SHA1 c534648f88ab712b8dad06f397ca2b7afe2c8121
SHA256 7acb12ff1eb374f61b0012a6416a10093e79770682600babc49087984e879cdd
SHA512 181500cc58aff492a0918525a2ea454452f53cdebb464d96f1a7047eb3258ebeacca3b173141bcba45be3d765eafcbc1c1f2d7f23ed3e1d69348e1f1159d48e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e05436aebb117e9919978ca32bbcefd9
SHA1 97b2af055317952ce42308ea69b82301320eb962
SHA256 cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f
SHA512 11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

memory/8032-295-0x0000000000400000-0x000000000043C000-memory.dmp

memory/8032-296-0x00000000746D0000-0x0000000074E80000-memory.dmp

memory/8032-304-0x0000000008050000-0x00000000085F4000-memory.dmp

memory/8032-311-0x0000000007B40000-0x0000000007BD2000-memory.dmp

memory/8032-319-0x0000000007D90000-0x0000000007DA0000-memory.dmp

memory/8032-321-0x0000000007D30000-0x0000000007D3A000-memory.dmp

\??\pipe\LOCAL\crashpad_3440_DASITZAIKVFPQZUY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/8032-396-0x0000000008C20000-0x0000000009238000-memory.dmp

memory/8032-397-0x0000000007EE0000-0x0000000007FEA000-memory.dmp

\??\pipe\LOCAL\crashpad_3384_FNBAIYYGFEYAIGWK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/8032-422-0x0000000007E10000-0x0000000007E22000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

memory/8032-436-0x0000000007E70000-0x0000000007EAC000-memory.dmp

memory/8032-473-0x0000000007FF0000-0x000000000803C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2061225c877e716172cf146144cb49c1
SHA1 18c7da5beaa973bf923cfb1e0fb0c493bf97abf3
SHA256 92936ec9113e036acfbfd3e0ef3ce862daa2a306478d1da950baf9f02b412ce5
SHA512 192686c65c8fd607b180968164adfa2d51855a72eeffb643be4f6c7138a2b38e17cda4653b662ed9c473dfcdbd03e68eb29a346b7415a06b9ea4686fd4ba747c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b7a32722a78e3227ba53905abe046072
SHA1 b9205d9d81fba31643a1912e739a7e3c1c612dab
SHA256 22c495bfbf58ea7ff515a1bd7e18b7fda6a2ecdd358cb2c24d5e03aa0da5c9af
SHA512 f71ae94fac958fa206f76ae00e68f7c89f80d1988455e3eb6be53fcb5aaa7cb63bf61759f7d3051d14ee7d9d47e1814f9aa9cdf5d25f3ff90beb95e0fe0e3f35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5810a5.TMP

MD5 92915a5c6d8cc9ffb22cc4d7dbdb96fe
SHA1 987a0a4f15ef042e670ad58d20b5b863a3e3033b
SHA256 6f16dcc02f071fcf201f296550ae2cfaef954d75f1f64fca7dbf84dd9d0d94fb
SHA512 1d1e256f987749dcab3530cc2376019944c76f1ec1719af6a47b54a2e53253d009a98fbfcc266781be0ed1bb006f270c519a7ce46d155cab0912e046db4501c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3328896fe80700b18700a660cda4dcd6
SHA1 e4aae5d2af422e74fee590e34831907fa8d28965
SHA256 2ab66e3d8fde455713ef178d5b439176c21ab778071e6792f228fda5873fae91
SHA512 c412a2f71b34e282f9c965d52d07bca6cf55d5b54f335314edb38f63d1577a77a14b6d97cc12f4fdbf1b65396cc6124309a232d77f09069e19333728b1b9188f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 dbebe2796f1ba9a746665938eef06b7b
SHA1 03f26e781e25857bc1696dc0c6a67a675634be62
SHA256 5316e6ce3524801ea3a001901939264041194f59345627dd9ac7611d74952800
SHA512 468bb77870237363cb6acab914b4176d8a62b897baedbe6572a70bb1b115eed2e7ed5bed05591bbc8027ed734f9244595c6bbc99785f82a3ad3ca7766ecdaff9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe582ad4.TMP

MD5 46b5d5c8dde63dd89105562048b51fea
SHA1 16dc1a349301ec843bde792a981ead2f42624d63
SHA256 6cda74500878926ebb6bf8229eeb85490ebd399684e78ef5aa14c63edc870c87
SHA512 c3bbd798f5e90dde83b82fcda42423de5375da2aacb632dc15c0b56fcb9b8cc33e035fab11b7579f40d0ea5dfab06f027d39785a76867d3970f7d3add9f7df7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 910d41a0f85062828bd4d4923cf38a29
SHA1 aff7cfce2abf9034d731b531e5d2199c1f4ab2c9
SHA256 d88d389cd1addba2c2ca4f682bd2e104c71f4fdc419b8a5c7d42b98b59edf1a6
SHA512 010e09c4f390bbf43ccbe60379d4d5c2d45fbb8dd3ee3473fcad9e609987b1420d6164735ce97ea9b03069c238e9d26f5afe2535a7dc71da29d00244e5b025c0

memory/8032-866-0x00000000746D0000-0x0000000074E80000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6ddd96de-e25c-4f1c-b778-4df662be89da.tmp

MD5 f719d195c2d48a0b1e80baec595acaaf
SHA1 1e4c29e1186f781f54fa3eb35ec4b50b00cb7dc7
SHA256 29929877269819b6a060ea79077cc7c14b285a274ded86747be12651f07f079a
SHA512 25ad15613928adcd5c537956bf9eae912961ee997be4b7ccdf5ba6cf0bee2383d34cfacb98233146a6aa22c080ab4e0e25d0f44493a3e19fa6f4f0afeea8d281

memory/8032-983-0x0000000007D90000-0x0000000007DA0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d53f6a7f96440a6a9510926f4edcc758
SHA1 d8c49f92ff0d526fb4938ff90a128127f1a0671a
SHA256 82727d5150ad9fcb3728f308af20dfcbedd25d3fd1b34fa47f88c7ac30acc6c7
SHA512 6843eadfe117a3771a8c3caf9496dd8c6c0335021c81aefa9ec1736bef95090195190334d01e2f80671010ba7094846fb427a1ec8c6759c1d4ea7558c450bf4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 050316d56800c19574dbfcc66af68f5e
SHA1 9c038ece79cde0a646cc0ad0f1f1fdc82a721dcc
SHA256 d2e019698f8d82adf4925ed1b9f7586a4b4af991343f709fb468d65a13b1a815
SHA512 cb361090f2d5b4a1d97dc419fee366f50640c4b6ec9e93c0d91347d5985cf4ef5e909691bb3e2b4f24ea3a694c82daa2ad001796950a0db77671b0fa486fe405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5878f4.TMP

MD5 83b80d407314f282701b9e4e3e5563cb
SHA1 c3006b78ac60dcd221158356a8e4e27595b88c11
SHA256 1cd70bf12a85f5094bc9eaf41d2b52a6753f3dd6fc99f7dae43b51c613db2591
SHA512 3a13ee5a4103646991e3cb8c6e888ba6c039cb9b712791c565a512123c82c9f23613b07d3829b0966fe249bfcf47c80127b64c71cce66054bfb13713bce93a9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 1471286a22558f07ead7e9340c8ed946
SHA1 50bf6d5e5abbdd0e70b4cb84e6b9ce6acd470b6f
SHA256 711b019e6ae058f38a3c72413dafd64761504ea4825a54d1c39b65e306ddb277
SHA512 76ec0748e88adbd379a1b09f195c92b7dc749428dea302d92fee9fb2a64541c3e470b95a12d110eb025acd01e784bc7c864f1c290ba2823adf3c2127db3c7398

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d448635d8bc0eb26a27f8fe683aef64e
SHA1 95c6c4179b18f813c574f3d2694f46a7f0b29ee3
SHA256 2475dcfba0affbaf3f64ac939df60ccb47b67759c2a028e49a72e5b0c03c35a4
SHA512 5e23ae889fa6fd76f4ab685d1afd08309b91ed452e033e83661ed446b46d930da8e5b4b70993f244c49c60f3b6789550dc0eb220078b5b996d897fdc62661cac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\13c049e6-4530-4f8b-8784-53fa0f5e93cb\index-dir\the-real-index

MD5 7368863b70cefb611683b2c7efd4ef07
SHA1 3590db2a655c2d8e16cb544da55023f98d99c79d
SHA256 6e3a2a020c7a948d8d82c3035d1fd07d64e536ab7d221622c7d3ebf8c9cce9bd
SHA512 1c377bb7d12a66cd3df6b2de0405866c4c02f2248b0f16e5deb624cae1e055d1330dfe567ccaf8fe713f95b232a2757c19e4a1f22b3b72599b07e359d550f515

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\13c049e6-4530-4f8b-8784-53fa0f5e93cb\index-dir\the-real-index~RFe587d59.TMP

MD5 cb3bff82e93c9e5acf2011e576671bf3
SHA1 fc08e249167e7b70544c162a549c9780cc6656fe
SHA256 511b45143caa9a5a616e80fff095272817d523d8333b556afcbccb1e2acf3f44
SHA512 832673f86e0582338d19e62a4947389176d4b6606ecacda1cda191998e082a3b663546671ab7e545156073e5bb8dab7e92a23452dd4db9ddf6468b07b2f9957f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cbe463e570558e32193642b441c47575
SHA1 6a28029738b64d120d55407a8efdaa0be3fe6e3b
SHA256 a54fc65b47cd94f1f499f81c712dff92bfe5541486d028315d3e165033429431
SHA512 ff54004c3185fe1fb9e941c82f1fc6260e4880067d7b614d1afeaa528a6db6e066ab863d9967014f426386b9c7529e612a1f8b3efbf2649db606b19136061bdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5ed4aa24f686d8ed5b98248129e8c130
SHA1 5a9f405c4a64a79c5f7bdaaf9a0d2c44298b7a41
SHA256 826808d458db95e91c62f07e307d0a56e689b73cb5bfa3821a38b8c0ea878f2b
SHA512 1c5db1842b758e0c5f87bdb34c35b568e2f01f0a46ce1553abe8fbf800d8d628402a98744533f46f374d6ae5f39cfe555638bb97fc6d26e8ffdb819c84bd45e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2899d48e8a50a897c95fbc3dc4a9ff9c
SHA1 95d409735db15fee7ca1cace07c63b9fdf67d8b2
SHA256 67d14943f419bf714bb85456f1e62b2fca6cab7b5b9ad67ccacc0f9835e541b7
SHA512 b8d675a18f520e642603e7dd74e99d7871b0125e848d0d27a3888474e8daffd66e8be4d7cd6a38708a6f129bf8a738768bd004976bd04f1fb979eabbfb17798d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 da9d1e618170cc609531e7dccf8311b1
SHA1 155a6fd9357a3319747dbb4848093a3130172fc8
SHA256 99a2d60be14d759e962b2be8e87eb94ce9ee80441cf2b0658883ae707daba281
SHA512 219ceeb4ff4136c0c920951ec52bf423324c98fcbd3f50c3114a4d6f4bc6e1c481ae596a14f4786d8f23fce78b15442eeaa46b9feeea323b7ded20bd163ed3ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\1be87ac9-b53e-4e3a-854e-ea574644406c\index-dir\the-real-index~RFe58e673.TMP

MD5 35a7056723bb45bdc765cd12feadcbc1
SHA1 aa7f51641489cb60633fa329e2863a919c87e64c
SHA256 85fc3bcb1eb1358950be5cf5f0758517a082dade692bfaa637170a915617c180
SHA512 1a563c4c7a3f9751682e4611a94f84e9235d472290305c895763dfb93fcb7518fc2cd2ee8fb543f96b8fc29dbbce645aed4cdf5bcde2af7b1d0437552ecb706c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\1be87ac9-b53e-4e3a-854e-ea574644406c\index-dir\the-real-index

MD5 e2fc0f4d77665912930675dcac761da4
SHA1 9d25a57ea99efa0a8b9784768840f5e6d398553d
SHA256 2fa1dca5615495b5a1c9b2d4c56752a5b16f0f82d6f0fc2abaf6aefa940092fe
SHA512 a127ccfa4c8536499f853068f9c64621d2023f49612a5b1d235a5c924f892454a6825b9031372b7022fc2bde53ea15b9d2ee8f9b76923d87189fe09810f5e79f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 ac6ccc75190242694bbd5700872a0709
SHA1 f03eea05be2923389b6bd832ec29fb9cf6cbd04f
SHA256 70f29f607f0304a1100ea6ed11a8353595cdce2867f12268f45e599e1b9fbe5a
SHA512 e889961fe16323558012d27fa650cb825ca6787a1574c808ba9a9a6f5ce6869aeafa22b8f347bd07eec261f30a1bb327298374b035ecefb2d0f031551dac5192

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 815322810533d031a28976e96c327294
SHA1 5d7a7fef1b5e1564eb3a4d904272d975a16a9055
SHA256 7a84e56d05f4711ca4022fb4b268ed63903418c122a10e0a7a1dabb662430eff
SHA512 2941c0459beb1ebe09a5df1224db0c01fc5bffad2c15466c56b2edbb37d68ed1bd1335d53fa0dfb4b7404e6251b9581a3590ae422eedb07d3bd29605a2189f4f