Malware Analysis Report

2025-01-02 05:30

Sample ID 231111-k7mlzscg7s
Target 270f4aed3071c67116d1ef4a6a23eace87c0c68a206b1e2ff46c94ae22089c0b
SHA256 270f4aed3071c67116d1ef4a6a23eace87c0c68a206b1e2ff46c94ae22089c0b
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

270f4aed3071c67116d1ef4a6a23eace87c0c68a206b1e2ff46c94ae22089c0b

Threat Level: Known bad

The file 270f4aed3071c67116d1ef4a6a23eace87c0c68a206b1e2ff46c94ae22089c0b was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

Mystic

RedLine

RedLine payload

Detect Mystic stealer payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Detected potential entity reuse from brand paypal.

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 09:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 09:14

Reported

2023-11-11 09:17

Platform

win10v2004-20231025-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\270f4aed3071c67116d1ef4a6a23eace87c0c68a206b1e2ff46c94ae22089c0b.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\270f4aed3071c67116d1ef4a6a23eace87c0c68a206b1e2ff46c94ae22089c0b.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8uP65.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1648 wrote to memory of 788 N/A C:\Users\Admin\AppData\Local\Temp\270f4aed3071c67116d1ef4a6a23eace87c0c68a206b1e2ff46c94ae22089c0b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8uP65.exe
PID 1648 wrote to memory of 788 N/A C:\Users\Admin\AppData\Local\Temp\270f4aed3071c67116d1ef4a6a23eace87c0c68a206b1e2ff46c94ae22089c0b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8uP65.exe
PID 1648 wrote to memory of 788 N/A C:\Users\Admin\AppData\Local\Temp\270f4aed3071c67116d1ef4a6a23eace87c0c68a206b1e2ff46c94ae22089c0b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8uP65.exe
PID 788 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8uP65.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe
PID 788 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8uP65.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe
PID 788 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8uP65.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe
PID 1076 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1076 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1076 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1076 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1744 wrote to memory of 508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1744 wrote to memory of 508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1076 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1076 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1076 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1076 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1076 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1076 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1076 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1076 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4984 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\270f4aed3071c67116d1ef4a6a23eace87c0c68a206b1e2ff46c94ae22089c0b.exe

"C:\Users\Admin\AppData\Local\Temp\270f4aed3071c67116d1ef4a6a23eace87c0c68a206b1e2ff46c94ae22089c0b.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8uP65.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8uP65.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa21f346f8,0x7ffa21f34708,0x7ffa21f34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa21f346f8,0x7ffa21f34708,0x7ffa21f34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa21f346f8,0x7ffa21f34708,0x7ffa21f34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x7ffa21f346f8,0x7ffa21f34708,0x7ffa21f34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa21f346f8,0x7ffa21f34708,0x7ffa21f34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x140,0x174,0x7ffa21f346f8,0x7ffa21f34708,0x7ffa21f34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,6693955277590289391,17413485115927177687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,6693955277590289391,17413485115927177687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa21f346f8,0x7ffa21f34708,0x7ffa21f34718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12390866358331388401,12907529734595180802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6412194462128557881,16946194891034241249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1120496780622759747,14749241971701926960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x168,0x178,0x7ffa21f346f8,0x7ffa21f34708,0x7ffa21f34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa21f346f8,0x7ffa21f34708,0x7ffa21f34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa21f346f8,0x7ffa21f34708,0x7ffa21f34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Wn1344.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Wn1344.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7936 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3zS79Hz.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3zS79Hz.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3340 -ip 3340

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4166304425770225436,2225093272673613634,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 54.152.70.17:443 www.epicgames.com tcp
US 54.152.70.17:443 www.epicgames.com tcp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 17.70.152.54.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 93.184.220.70:443 pbs.twimg.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 8.8.8.8:53 t.co udp
US 152.199.21.141:443 abs.twimg.com tcp
US 192.229.220.133:443 video.twimg.com tcp
US 104.244.42.5:443 t.co tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 5.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.150:443 i.ytimg.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 150.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 c.paypal.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 104.244.42.66:443 api.twitter.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
NL 142.250.179.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 121.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-q4flrnss.googlevideo.com udp
US 173.194.57.106:443 rr5---sn-q4flrnss.googlevideo.com tcp
US 173.194.57.106:443 rr5---sn-q4flrnss.googlevideo.com tcp
US 173.194.57.106:443 rr5---sn-q4flrnss.googlevideo.com tcp
US 8.8.8.8:53 106.57.194.173.in-addr.arpa udp
US 173.194.57.106:443 rr5---sn-q4flrnss.googlevideo.com tcp
US 173.194.57.106:443 rr5---sn-q4flrnss.googlevideo.com tcp
US 173.194.57.106:443 rr5---sn-q4flrnss.googlevideo.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 172.217.168.234:443 jnn-pa.googleapis.com tcp
NL 172.217.168.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 234.168.217.172.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8uP65.exe

MD5 3b7106c4081de15564c5551af6e2e379
SHA1 42d9434ddbd83d6de35cbc69c042c913bcfd4853
SHA256 47ce165234eceffa07654684f22a0ace2566bf9f968b2db7951f7269a36ce71c
SHA512 c5d5f6de850d342dd711cda368a7d87acafecaeabeeced81363785651b1a59fb6f2c463a1b80b6e29dafe6ff74e4f50582786430072ab40b789eb58d7a8edfc5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8uP65.exe

MD5 3b7106c4081de15564c5551af6e2e379
SHA1 42d9434ddbd83d6de35cbc69c042c913bcfd4853
SHA256 47ce165234eceffa07654684f22a0ace2566bf9f968b2db7951f7269a36ce71c
SHA512 c5d5f6de850d342dd711cda368a7d87acafecaeabeeced81363785651b1a59fb6f2c463a1b80b6e29dafe6ff74e4f50582786430072ab40b789eb58d7a8edfc5

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe

MD5 04007f7d6f0048bf0190a30788313bda
SHA1 a146946ea7527dc09b2f933e2db8815314a98b54
SHA256 3f914030022af80f82d76dc20a84b7514d95498b27bbe7fc1e09c3075b0263b9
SHA512 547be58ac17d0bef6aca7a0df9a07ee386ea5ad7579668ce9382bc039c9203c5055c82083149c7b1c906a1534e0a4fac9136af8e5d4ecb25c51736f54e0f9e08

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1tj80Pk8.exe

MD5 04007f7d6f0048bf0190a30788313bda
SHA1 a146946ea7527dc09b2f933e2db8815314a98b54
SHA256 3f914030022af80f82d76dc20a84b7514d95498b27bbe7fc1e09c3075b0263b9
SHA512 547be58ac17d0bef6aca7a0df9a07ee386ea5ad7579668ce9382bc039c9203c5055c82083149c7b1c906a1534e0a4fac9136af8e5d4ecb25c51736f54e0f9e08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_1744_GVEQRFXYBCQXZCWE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4984_QOOMCXWFRLPVLJKC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14a159171a44b845c70134e580dca454
SHA1 b2f26e95ca61d6e05894b3cb2f0fc2fa622c3493
SHA256 47c8d868d94676586cb3a4468ea24c2c7a446b847ae5919c6b6102b4bd7a11f9
SHA512 bd92ef0d17056f3815228a310b8afae9d03d2f3a7cae5b6c5920b2e9f253fd4997651ccb1ea8d9e7592513a28c865189ae19e175a0812d6431b740c6fcd73a77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 836c1aa5c4e128af5ecd39e82eafe4f0
SHA1 4746bad0eab83ae35b8286fc2070abfb50a3f7a9
SHA256 d240b7492a3f9c4bc22bd7df08196d601f73ec4a6336ac7ed7e2323d47de185b
SHA512 16de4b4d24d603e502fbe159d19d21b9713c4622414bcd96df64a05872da726054224136c456fe14841b2d8d4469d3ab041e71249f44604ed920482fdc98be6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 89c1f7ffc86caffb81a0311bf6853264
SHA1 a16171f93031025508d316b509588c1dd80b89df
SHA256 adba4e0c69491e3534549be8e92c8d2fcd14ba3434586601ce9cbd99cf103228
SHA512 2843103e8e66c13059db87052d19a1497a8a2460515c3435f733e5be50dc3e1a2f77cf78aea85e6ffadfe6ab2352a9d49e0ca3adecadecc268a0020bd2cd58c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 836c1aa5c4e128af5ecd39e82eafe4f0
SHA1 4746bad0eab83ae35b8286fc2070abfb50a3f7a9
SHA256 d240b7492a3f9c4bc22bd7df08196d601f73ec4a6336ac7ed7e2323d47de185b
SHA512 16de4b4d24d603e502fbe159d19d21b9713c4622414bcd96df64a05872da726054224136c456fe14841b2d8d4469d3ab041e71249f44604ed920482fdc98be6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14a159171a44b845c70134e580dca454
SHA1 b2f26e95ca61d6e05894b3cb2f0fc2fa622c3493
SHA256 47c8d868d94676586cb3a4468ea24c2c7a446b847ae5919c6b6102b4bd7a11f9
SHA512 bd92ef0d17056f3815228a310b8afae9d03d2f3a7cae5b6c5920b2e9f253fd4997651ccb1ea8d9e7592513a28c865189ae19e175a0812d6431b740c6fcd73a77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 00830743f72162d7559bbaf5ad90cddb
SHA1 ae0cb70c1cfbd545184a79c6ec9dc885068a25cc
SHA256 33a6e0033fa469ea45da8a03649948fb0bc07428b7ea98280e4bd5eefe54a737
SHA512 48ae3e782176e88cd6f3b2a49ef8fc4ffacf861ba2d9724439dadd482b9a493034d43b45e7284790606226a71141096a242d0a8956a9b708c612736ffa1d1eb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 89c1f7ffc86caffb81a0311bf6853264
SHA1 a16171f93031025508d316b509588c1dd80b89df
SHA256 adba4e0c69491e3534549be8e92c8d2fcd14ba3434586601ce9cbd99cf103228
SHA512 2843103e8e66c13059db87052d19a1497a8a2460515c3435f733e5be50dc3e1a2f77cf78aea85e6ffadfe6ab2352a9d49e0ca3adecadecc268a0020bd2cd58c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 00830743f72162d7559bbaf5ad90cddb
SHA1 ae0cb70c1cfbd545184a79c6ec9dc885068a25cc
SHA256 33a6e0033fa469ea45da8a03649948fb0bc07428b7ea98280e4bd5eefe54a737
SHA512 48ae3e782176e88cd6f3b2a49ef8fc4ffacf861ba2d9724439dadd482b9a493034d43b45e7284790606226a71141096a242d0a8956a9b708c612736ffa1d1eb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 69be0eeb31474a668061c68405730f94
SHA1 228e1c1e9b1ddf5edfeca6611765e04323b277ae
SHA256 b8763216d2064b26e9dce492a99193f77cc8a84ff8f0f5cde70122eb8ddc1f92
SHA512 47c7824668b579ba4112f028395be905bb355c9e6b32bf4e6dbdbfcfd2e750a68b24e5376099832f433d18c11fbd926d49c8d826492e4b9e877bc856172fab27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 836c1aa5c4e128af5ecd39e82eafe4f0
SHA1 4746bad0eab83ae35b8286fc2070abfb50a3f7a9
SHA256 d240b7492a3f9c4bc22bd7df08196d601f73ec4a6336ac7ed7e2323d47de185b
SHA512 16de4b4d24d603e502fbe159d19d21b9713c4622414bcd96df64a05872da726054224136c456fe14841b2d8d4469d3ab041e71249f44604ed920482fdc98be6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14a159171a44b845c70134e580dca454
SHA1 b2f26e95ca61d6e05894b3cb2f0fc2fa622c3493
SHA256 47c8d868d94676586cb3a4468ea24c2c7a446b847ae5919c6b6102b4bd7a11f9
SHA512 bd92ef0d17056f3815228a310b8afae9d03d2f3a7cae5b6c5920b2e9f253fd4997651ccb1ea8d9e7592513a28c865189ae19e175a0812d6431b740c6fcd73a77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Wn1344.exe

MD5 50260d77bf7622933e44255b8fa5edea
SHA1 43ef379ff5593c084cd874fbd16748e24edfc823
SHA256 0c3be630f3a8fc81758e02f19a4df3dec4c4e964a9937708c0e938b492cfd3f9
SHA512 152de6bebaf3e8229dd9de7aac1562d64ffcf26e290c77b9bc9ebb3569f8643c4d15b1194d1ba854e330ddb4fe7630b7bd0a13b9a9943c672080442210bdab38

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Wn1344.exe

MD5 50260d77bf7622933e44255b8fa5edea
SHA1 43ef379ff5593c084cd874fbd16748e24edfc823
SHA256 0c3be630f3a8fc81758e02f19a4df3dec4c4e964a9937708c0e938b492cfd3f9
SHA512 152de6bebaf3e8229dd9de7aac1562d64ffcf26e290c77b9bc9ebb3569f8643c4d15b1194d1ba854e330ddb4fe7630b7bd0a13b9a9943c672080442210bdab38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/3340-213-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3340-214-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3340-221-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 00afd3dde3a8b7b9061599dba3dfa31e
SHA1 d4e8edcaa749a0ed1420cca9c68f08e7d4056526
SHA256 c172d3fcf6e9c88f3ce2e13e1248db724461662294af16954bb72477c203d870
SHA512 d81c08d5904279386227ea1e360ec20451e7d1b6c374c598cff7cf234dfb116256982fe919b810c33a3481eae4156d35a2b9e5d2344b7c26165918940f7af064

memory/3340-223-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 89c1f7ffc86caffb81a0311bf6853264
SHA1 a16171f93031025508d316b509588c1dd80b89df
SHA256 adba4e0c69491e3534549be8e92c8d2fcd14ba3434586601ce9cbd99cf103228
SHA512 2843103e8e66c13059db87052d19a1497a8a2460515c3435f733e5be50dc3e1a2f77cf78aea85e6ffadfe6ab2352a9d49e0ca3adecadecc268a0020bd2cd58c0

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3zS79Hz.exe

MD5 ac206da2bd03de6399462b76c026e68c
SHA1 7f4cc4745f9ea11b5f0d446be6dcfc8c14f63c00
SHA256 cf99574da0f10068f93b65f740d3fc6440b33fb87d40163d0ab68a6d9bec6646
SHA512 768cdea9b793d286f6aaac31c3508f577ed765bdc0e4a53303ba5b7a20cdf6fe3931dfac718a020eb83e4827ca447138cc3d65e692d1ffb83cd5892c5d541b9d

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3zS79Hz.exe

MD5 ac206da2bd03de6399462b76c026e68c
SHA1 7f4cc4745f9ea11b5f0d446be6dcfc8c14f63c00
SHA256 cf99574da0f10068f93b65f740d3fc6440b33fb87d40163d0ab68a6d9bec6646
SHA512 768cdea9b793d286f6aaac31c3508f577ed765bdc0e4a53303ba5b7a20cdf6fe3931dfac718a020eb83e4827ca447138cc3d65e692d1ffb83cd5892c5d541b9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 466f39422ac6de6a35310830c090cdd3
SHA1 a543123a32626f5d06601d6c5e1738a06ef0f590
SHA256 fdb4226dacad61e881c89ccfa0daf434e894575c5b2227117e1720feb657b594
SHA512 b1f88f7e6686ee0444c94bc31f6b037c302fa140bdb59c438d2c23b0dafeec627b56832791868adc3d8e4fd2eb80b21e53830b39296fcd6fa47a907c7bc73eb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

memory/7348-276-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7348-287-0x0000000074A50000-0x0000000075200000-memory.dmp

memory/7348-290-0x00000000079D0000-0x0000000007F74000-memory.dmp

memory/7348-302-0x00000000074C0000-0x0000000007552000-memory.dmp

memory/7348-311-0x00000000074B0000-0x00000000074C0000-memory.dmp

memory/7348-322-0x00000000074A0000-0x00000000074AA000-memory.dmp

memory/7348-343-0x00000000085A0000-0x0000000008BB8000-memory.dmp

memory/7348-373-0x00000000077F0000-0x00000000078FA000-memory.dmp

memory/7348-374-0x0000000007720000-0x0000000007732000-memory.dmp

memory/7348-375-0x0000000007780000-0x00000000077BC000-memory.dmp

memory/7348-376-0x0000000007900000-0x000000000794C000-memory.dmp

\??\pipe\LOCAL\crashpad_3004_MVQHXFMTMKIYUBAG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

\??\pipe\LOCAL\crashpad_1408_ITSBQWITHRTJPUJW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

\??\pipe\LOCAL\crashpad_2136_HRXLBTEWBUBGSHQE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d081cd3b26873766c57c4614a7933400
SHA1 89d4bf1e19e49fa1051fe59e49e070e7024b135c
SHA256 e335bc1223872ba8da701d5adcbbbd9a6d4ddae93a7856aaa0df722189f5eac9
SHA512 db6cc72b8c9542aab226a67984976b4a11d5f1fb852c6c9dcd4eca338179f83a54604019190fbdfddce840c6c8eb322574e9a7ee4de936ffcce3f197d7e7213d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d1f6.TMP

MD5 8982f5621bb1de60a5fa8a13aa85278d
SHA1 326ce8f734fb9bf96ff816cd185dfe4ab9dce323
SHA256 3777968ce5f668f1a77dec22b2ad4892f639eab830b7e7ecbc052fc60cd307d4
SHA512 0d5086821ed340d303ba97d410c9081e15b8ae3935ba8bbf01f1e058c25db64d0966be81a06ccbe37e6792ad414a536f2c427aece88f50fcddf42b18cafe7901

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 1ad1e644d9f8fceb58bbbfcbc9857535
SHA1 f6db2c81e2ba5c83a38401a9b0473dc8d77167d9
SHA256 f7823563f85879e7bb3a2eadf3e06bc188d970779b039ad7eb5737ba06413ce9
SHA512 e1528a9e73214eec8159688ba6c0efa2caadc76c384d90ccb2ee079a399350b5b162914344fefd114eedc60d9d28f04654fbec395605ddc802acf18166423d03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe57e484.TMP

MD5 8d78812121b28a7b2209715f160ee02a
SHA1 adabe7aa84e481588227bbe8942c4f7b1248f9e1
SHA256 3a5f4647e025c9746fd4077de4037f3f9a122c01f8caf51a401e66e0f656eb35
SHA512 ee63acbae6c53312076f1f6d04ca9de92493cac8034f8c8d34e2706fa8b910562b5f17076d699b73d579bc2e1b9663eaa847f8c831b475c3f18b06a54c572f2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 10178b85daa4a71f5878cc1201aebc16
SHA1 09f9d8ac412b56e4e11ed5a06f46a52f1e67e997
SHA256 7a37f459272c1e24d079d6d2baee332972b52fca6d1fa1299fb2605d55727151
SHA512 42b02bc8cac5e51c228837f29ce5950ff29690ccc4d8452b15d1eeec843888dfc568a26adea18e5a7a4aca837da551671ce167f12a2e08b2102bbd79e79822bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a53b2158-b314-47d2-82ff-a892b61639d0\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fb4bd8ffb58180f6184602bd89fcc8bd
SHA1 2219be6b4f9775d12c9b3512c541eb4da848898f
SHA256 42468eef9801f9786e6269e25adb4a37516be2e36837336b2a85e44b229509da
SHA512 0af5ef12052421ac65e0a2b3aeb736b83b667813de391caa02511b2246af82000effe3b4c9b126f80bf907e8eed5ce07d31802c770851062ed3ae744ef04ef5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a1188d6af445cb74ec17aced9c0ff0bc
SHA1 196e6c6b83aa7f58f1dd0ca5c4da938ad01e8aab
SHA256 4d6d88c0a48b4efdc77b730b793f0a88d916926b70d4e1044078bf865ac952a3
SHA512 59185c27a3440513f35aa80371fe3f618f0cd87c1c366abe16803b9cf21fa307ae08411c3fc5c187fca3de8924692848462a0b110d198607371ad74ee267efbd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 861bc60e02ea83dc5b8ab949eaa0976a
SHA1 b65941794728d5a616d0faad62d9b741cf8d6c91
SHA256 c6b10a217a1ead30d86659aa6176cf641565d63cb30fd293cbf9552fb8de9ded
SHA512 2a047ae29478d32c83ce3efdf23cc1d719acdebf9eaa325773c7f634b4a534de2b4aeff5ff1a74fd61e14883341c022c80156593dd4f8f506fd8a361d9fc6279

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bcac3d11e784c1eb05b319f6fac06cec
SHA1 cdc2ee84d64e972d598bab12837d79b1ae15e957
SHA256 791c277d77fda006e43df781db8470e3ffc1f647228af09e396bc624192ab94c
SHA512 1b7b6951d105d56e32f1cc0590864d4fe90f0de98f24bb9744e032f9e511627f302ab6cc8dcfdde108da7321a8e949b3236975cdef08600a79a780d7c59dcb1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 428a635425ba637acb03aeb43660b116
SHA1 44b1a0f2f8c6a2e512e764bb09a695dc1b07601e
SHA256 5a10cfcd49e4c6942766db5d32e64d81eb3b437f412f4d28466fff8ab7ebce6b
SHA512 4fd1926002447ad2e7bac1acc8f899efe6c7ebcf1ddae6a307d96cf5e854bdc438379dc6dcd59eb35bcb6ec735e67d9b40184126fba0b231cb056f8e0ca1d3bb

memory/7348-1233-0x0000000074A50000-0x0000000075200000-memory.dmp

memory/7348-1282-0x00000000074B0000-0x00000000074C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2bb35a7e7ffc51a0d87103f8e2371105
SHA1 d27ab445391b9c5b31c0a7b54da232178cfdea81
SHA256 7de04acb38814c43b0bfd71ba227b2c3a3c101f852170c6721c4520b047be97f
SHA512 50e01f978f3c2d2e46376a3380bb7c7aa99ebbba51eb4afb4595d10a9143f4630d79045c494df1ce02204e31358036200db88f444d5ab40cfb0fe7f364fcb9ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\b0315b83-2a46-45be-bda1-cdf1e98dc0d4\index-dir\the-real-index

MD5 7ece0f1fdd68c072bb344e266ab0dafd
SHA1 b7881ef6b595cce6819e5d803fb965eed921cb09
SHA256 7228bf45a284b93c83d62798f72f28833fb73c9112bf4f2388ccac8430d81eb6
SHA512 085f867684234d3dea4c4853d25ba59de935c17ad7dfce9d836eb47fa60ff232369ff4964eff9e1ad95c18f35ef908b712493a4973b2bbec1deafe746753a831

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\b0315b83-2a46-45be-bda1-cdf1e98dc0d4\index-dir\the-real-index~RFe5834f6.TMP

MD5 90ad62caa8103503c96852268e6c879f
SHA1 6683567102baab6a6f940fa39561da94904b5d6d
SHA256 fab94d85c1cab3c1e6a565a23c8ae4bd8cb5c0905771568f7d73e0b0ea308753
SHA512 af3b81163a04e9bfc27acac88b54d3d3e0e6be681e6e17deec9925b85b198d497728ecc9e7f2a909095d6be94aafba51c43f3d20a73ba77a3f976ad9e05a6766

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b60d7d9e479558a322c3773c6ed88c44
SHA1 60bfcb3612767dc1f46aeb4537c0787695ad2ec2
SHA256 22ba190b5a84caf9dceaa7411aa1b394c8e98a2fd30cb2826ad382b8d3be26ee
SHA512 51e373565a9091f0d677e8ad44d10e736fb90387072939f3f325716dbbe4aed19a49a010a0cada4da0f923df37676df9c9a6d30d9abd7b97c9233b5ea52c517d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5637d43a2cc4cf937214709826694271
SHA1 a5615e69f92d008c007d9bafbf1d717eaa6cd7d0
SHA256 7e5dc5ccc1876fd6afafd2ee66eec72d512e3dcb1125cb1a6f5119e24d4885b7
SHA512 c92562fdf471b7e33e9662b527e066d717cfe70d21fd06501d41272b8e403a1bb44282e7decc80551f55bf85595c50a826fccd098e4640e977ba6eec5fe32012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a2ef9cccea014febcfd4b2404c0b05cd
SHA1 9402ada1e7f2649da2c6da65266401fba0c21cd0
SHA256 105ef3354adca04e0a6e452a3e92869525c37f4e1109a7852562bd17fc0c6b03
SHA512 e1545303de5bde24a4d1305582d24d577d4ca28c2478ef7f4099b99d984a333efd15f3c43bf2a02c13724c4d9ea766611d4f7be4dc0247d562dc0e03e3daa148

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58559d.TMP

MD5 635b26d657035f91f43c545c251435b5
SHA1 0a045e8c956dec11258aafe63f448c6e864d2fb5
SHA256 ca99711b068af0041dc5ae42fbf4baf375108c15127caf6f461cab48e46acd1c
SHA512 dad56e49a2067f9db5b79761f65e0b69b03a2bd9850a0100bca687663614010d82718f9139229a92187e105bd336191c921ef44e24e4f3d884652d09db74563e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a0008b1a-58d6-4932-9770-7dcd76af90a0\index-dir\the-real-index

MD5 01f8800cad103585bb0dc856c5976dbe
SHA1 85c733e1ccf1a77fd81bb0fd7afc5142ea639912
SHA256 a19aa4d0fe546eb8077acc378444b4ff9a5c7f54449b9764db01efedd1ad7946
SHA512 0b835d290ee7a2a97a4450c6c55b39763a5630e4086c5980f8646c5bfef6e19197b3c05ab6ca6d4348c71a935b4886e4711bd21f1e148f1cb0f5bdd48ed51f14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a0008b1a-58d6-4932-9770-7dcd76af90a0\index-dir\the-real-index

MD5 669244a46df5159bad00f254289849f5
SHA1 2bfa5f4a2b4a7ad4d760843bce2a6f7a212ae50a
SHA256 5f92852183c6499e1c4291c236486a773f1b80c9be523f596af651c1af9d4af7
SHA512 ab85739df2a5c71a578e4836630163790bb44d78876de81a3059af1d1463a1a44d788d42267521a21cce7429511ac9a2b12498a3a1b628de2e36c712fb0e5b34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 eee1627cafa7cd8fd79cf0b9ed144f3f
SHA1 40dc85a0b446276be58daefe8726888f1d4f60c7
SHA256 3a9041b20aa2900a98f1c63635ecccaf326430be43656552cd4bd8ed21105679
SHA512 b6943c2a6addcad14db65189cfa041ede53797ddb81245f6b9dc7f4fcbdecc5ca201bb0715efd1d9ccadf102f9e42d4980ed1122cf9a2429350e741da3cd2694

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b43a5d1262f5e2dc6bbb30bdfdf3e7e8
SHA1 8dd1f07b9a0a2270b4059e52edb8cc7b4d676d03
SHA256 72f725ac44a4a363b392b669cf85ae6ca46e3c84678a8064ebb4a34be1897daf
SHA512 7ea2fba7d4a8d7f1b81c5d658bbb09815b8419c87eddb0d763cbd86aa6d35e42e1846ec0a13635203955981a14c191ca0d005b62fbe098b1b4d84bc9fcee976a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 af78575b41a2f04e60002514410a0c36
SHA1 e2b24313b544d8999ce8c5ff145a251a6c1d6a6e
SHA256 a6e734b6e1e5ff617461de46e7ba68fc422aa7d6173b803aacbc2df21c0eb484
SHA512 f20f617e5a410af2f4bc147ad637465f4cfe38a74a3cc5bfeff343c8cb52cb58309a3e25c0eda8f419158244a66f78c15ce93103b701780410bc92eb5e4a99c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a11b82fc9d0508367ec22abb4bc434a3
SHA1 75f198ce77251fdd2a6b388763150ec8ee7ecb1d
SHA256 13dbe97fcb630d9dc7b93de50eadfde36900f0c550d57defd403eeffb85e40ab
SHA512 c4277a5c669ccf396948d427d12b8d9bc6113e243c6865b7d30d969a2ddb540509ea194822a3daab54e72c6938aba1ef8478bee4f01c2eab80d761a628a38bea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9c38fd079cc17d7511365b31ae0e452e
SHA1 313b9dab958a940cb180a945d179597262c082b1
SHA256 0221bcf76bba20f3338e5f29ae8992499f4bdac3ad55693a37d2aff132a720f7
SHA512 04d0ee8344a0ed285beb17efd5f6c4305d55e920f3bb071cd1280ab4d42967ba19b26bd9091ab193212057a05bfb3898df41cc150d612262ab1afc1115908c4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\47ee23f1-27b4-4141-a693-a12d292f27d1\index-dir\the-real-index~RFe58bab0.TMP

MD5 ef49592c4f0b00d92b811f1c23bb6277
SHA1 c8a2f5f927313aa4c277b6fac6e21ae634306aa4
SHA256 275b71a053c33e9e7aa455f85084bdf72b3c01f4dcacc5b08f19dd5e55abed30
SHA512 83cb8b0017e072f935ee7fc506cc3426ea818c207f04665c5d40d43ec4d863415d46dbc7c8aca66bbc874973f47288e0931c6075709ee833d1a8d86b1e3e76ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\47ee23f1-27b4-4141-a693-a12d292f27d1\index-dir\the-real-index

MD5 7f1b9407600f49b8c3c1fa0550886a15
SHA1 b3deb1dcec166d076044a80e94cfb66bf4c059ca
SHA256 ab900549574f95ead5f464b31de5e169bf03590d16c70eccede4b5e4c991c77e
SHA512 aeb37090e274ddf77d41dabc2ac98fc703f2e31d75719ec3ad1a53ed6a53e5b3af2bba4667a8be5b22faca0ec392111698e02187f1dd82572bb8362fed8bda35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 97e613ea2340a9e957ab0ac1fc88fdba
SHA1 a385e9d4ac15d0bdb5246e1926775ea575674c31
SHA256 c2242b7465d689050321d0ca29e87b2ad87a7e02e859eca2f66c3a09f05d7a94
SHA512 b0149f8fdef9e52071abecdcc5ac30d346eec4befea956bdc8efc1ea6080d97221e860568138f56f217e7dcb794e293a6817e13913f5eae24b2ee37d8757ea81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0e4f9b6b4b20dc1ea48bf9059a1d5073
SHA1 4cef6444e0470e4b3b8c0c45ec941e48868bf2bd
SHA256 0d5dafdbc9f3089b2b832abeaade84a6795ff6e1eb8149f4db8c7352b1529d10
SHA512 359b2c578c5bbe1d4165aa0c5e80df965065d35264b5ee5c230054a39e0c64389559db0bf474752a3d1c8a28022fb1bdd649771662d5b258d604978f4d01853a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 526f674b23f52a8e23cfd856405791f1
SHA1 8357a670d0917e20ccd53a8ba9ff568fb192ac7b
SHA256 ab0959e3e730ba20142bf011697b3d1ca66550e8319df845a501599c2e4af0a0
SHA512 1a180abbd62349cfe917507d357b70d9284410c08bccbff779b4202045bfa387389987c52e2f25cd677a7034839ca2badff51f0164cc7debed3e8973031dcd16