Malware Analysis Report

2025-01-02 05:07

Sample ID 231111-kavakacf5v
Target 418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f
SHA256 418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f

Threat Level: Known bad

The file 418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

Mystic

Detect Mystic stealer payload

RedLine payload

RedLine

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

AutoIT Executable

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 08:24

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 08:24

Reported

2023-11-11 08:26

Platform

win10v2004-20231023-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XD5rk71.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2108 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XD5rk71.exe
PID 2108 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XD5rk71.exe
PID 2108 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XD5rk71.exe
PID 2232 wrote to memory of 3524 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XD5rk71.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe
PID 2232 wrote to memory of 3524 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XD5rk71.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe
PID 2232 wrote to memory of 3524 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XD5rk71.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe
PID 3524 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 3572 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 3572 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3572 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3572 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2556 wrote to memory of 2788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2556 wrote to memory of 2788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1156 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1156 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2080 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2080 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 1312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 1312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4688 wrote to memory of 3876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4688 wrote to memory of 3876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3524 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3452 wrote to memory of 5352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f.exe

"C:\Users\Admin\AppData\Local\Temp\418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XD5rk71.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XD5rk71.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff843c946f8,0x7ff843c94708,0x7ff843c94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff843c946f8,0x7ff843c94708,0x7ff843c94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff843c946f8,0x7ff843c94708,0x7ff843c94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff843c946f8,0x7ff843c94708,0x7ff843c94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff843c946f8,0x7ff843c94708,0x7ff843c94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ff843c946f8,0x7ff843c94708,0x7ff843c94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff843c946f8,0x7ff843c94708,0x7ff843c94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff843c946f8,0x7ff843c94708,0x7ff843c94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff843c946f8,0x7ff843c94708,0x7ff843c94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16275007290459281098,9277529513508453318,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16275007290459281098,9277529513508453318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,3059586405393467920,7023245103720988115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3059586405393467920,7023245103720988115,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13637718592854505346,7328123734926248674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13637718592854505346,7328123734926248674,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13968637249309362824,11320668718678059583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13968637249309362824,11320668718678059583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,1127099021214266780,14530054936263455765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff843c946f8,0x7ff843c94708,0x7ff843c94718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1127099021214266780,14530054936263455765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5440130283408726913,3151774435957262351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,993388144478466534,2348240600105882528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2FI7191.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2FI7191.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3PM34MD.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3PM34MD.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7928 -ip 7928

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18284720974561907941,5387346463171382892,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 104.244.42.129:443 twitter.com tcp
US 157.240.5.35:443 www.facebook.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 3.224.228.139:443 www.epicgames.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 93.153.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 139.228.224.3.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.23.214:443 i.ytimg.com tcp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 t.co udp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 104.244.42.69:443 t.co tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 192.229.220.133:443 video.twimg.com tcp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
RU 5.42.92.51:19057 tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.162:443 googleads.g.doubleclick.net tcp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 rr3---sn-5hne6nsr.googlevideo.com udp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
US 8.8.8.8:53 72.132.217.172.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XD5rk71.exe

MD5 7690276e7c512ce5383376c4e87acf92
SHA1 d805037ed2e3c2108d320795827700285b52620a
SHA256 82a9724ae7885271631ed4d5fa10e4354d1787b2349b4d61342e4ac2adcb4a7a
SHA512 93f57743b75318d3767923e43bd10ec50384935efccfa64f9bc9924c0ed4dbe42cda34b6cd14e850518cbf4d6b14a2446e0b26fe2891d6873a276af1d635aee5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XD5rk71.exe

MD5 7690276e7c512ce5383376c4e87acf92
SHA1 d805037ed2e3c2108d320795827700285b52620a
SHA256 82a9724ae7885271631ed4d5fa10e4354d1787b2349b4d61342e4ac2adcb4a7a
SHA512 93f57743b75318d3767923e43bd10ec50384935efccfa64f9bc9924c0ed4dbe42cda34b6cd14e850518cbf4d6b14a2446e0b26fe2891d6873a276af1d635aee5

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe

MD5 a142752d912ea50890adcc398b75c279
SHA1 4550a472b0d7a3f3231a9efbfaa6837fc67c40c2
SHA256 c1c6dfae4022382ed0c5089e13198b01769ae4717979e8ef3c6835ae045939a0
SHA512 357f8a199a9ae5ca98c637f424d43391d773dab3802f333bff28d78b686c9f4c5e4a74489d85eeff36c5a0f701806d7cf3644ddc966069e7f4482f27dc2c0458

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vG83eH5.exe

MD5 a142752d912ea50890adcc398b75c279
SHA1 4550a472b0d7a3f3231a9efbfaa6837fc67c40c2
SHA256 c1c6dfae4022382ed0c5089e13198b01769ae4717979e8ef3c6835ae045939a0
SHA512 357f8a199a9ae5ca98c637f424d43391d773dab3802f333bff28d78b686c9f4c5e4a74489d85eeff36c5a0f701806d7cf3644ddc966069e7f4482f27dc2c0458

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_3572_OHKBTUCSXONYNLDU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_3452_YMZDQLOQLWREBBZJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2080_LNTJUDDVFFWEWRMG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2556_LZSCLLRDCCLHMSZC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_1156_TMNUBWRBCSHHSBNK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_3284_WDPKLUYILPBPPMUU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6c004443c781274a50a8d544505b5a5f
SHA1 39ec284ff954acd0f6c9a28c8dc6f6c9309762c3
SHA256 12012c64271c7e55bd5a1a34112038eb9efe612a1e060f56b962d5917bdb3abd
SHA512 84a99279b31a134579cbe00ac64a2336b679744d997c86c0ad3afb31f9635075a27c9631ca2ff783698825802b0f5f05b1917a188db9ba0e1dca7c589fb42d7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6c004443c781274a50a8d544505b5a5f
SHA1 39ec284ff954acd0f6c9a28c8dc6f6c9309762c3
SHA256 12012c64271c7e55bd5a1a34112038eb9efe612a1e060f56b962d5917bdb3abd
SHA512 84a99279b31a134579cbe00ac64a2336b679744d997c86c0ad3afb31f9635075a27c9631ca2ff783698825802b0f5f05b1917a188db9ba0e1dca7c589fb42d7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 27e18d7423f18324b1499e905a4d292a
SHA1 79a2f5834300c40eaa1db35d290122fc55fae807
SHA256 28d1737b8d971b4e6c2b1b38f30aeeac2db65602502777a816564c084d62e7c2
SHA512 ab219933f360357111951daa21a8a0959cf443ad5c7d1f76ee4e772ec339648b0e6ec05594351067c199286358c2d78c7b3b49f07608a5a738fd37a9476b136e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6d2aa67e37835ff3895fa77a02966b10
SHA1 fc38d5aa024c148bc56f85e15659749f9e5dc2c7
SHA256 6cdb575e35757bc9781df770d8a3e26a89990cc4549315ff45fbc83f763ae5fc
SHA512 9e02ea7695bc6247fe4bfd7a9f0544c4bc84491abc61adee943513e170c89bd4a407d31c1af386d9ee8b3335ed3bccccfd99c54cde8155749776740176a8d831

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 27e18d7423f18324b1499e905a4d292a
SHA1 79a2f5834300c40eaa1db35d290122fc55fae807
SHA256 28d1737b8d971b4e6c2b1b38f30aeeac2db65602502777a816564c084d62e7c2
SHA512 ab219933f360357111951daa21a8a0959cf443ad5c7d1f76ee4e772ec339648b0e6ec05594351067c199286358c2d78c7b3b49f07608a5a738fd37a9476b136e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a6eac18ddc16450b53d7a274a3331f26
SHA1 ee5ffe8e90dbaa0d32973fa7ed75609998bbbef8
SHA256 9eb38fb315e48d4d0a1ee9ab5c3df736eaa79ddd614bad262c9d45a16ea54dda
SHA512 3eb349821150370fda09a6c84be1198b19071117edc3cd08a22d4133ff644207559b0054490cf7b40f7b1864a86ca3912e3611d48b6b4d78d87c778edcdd1601

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d4499d7908869a055c8df693c1a503c9
SHA1 4bc5b851dcf8f03398db7d5f606e1291cd7afa2f
SHA256 81c586180b82b132191626a3d8cf21ad15ae9a7de6593a2ad3645aff664f64b2
SHA512 753b0db336635ae08535cfcea94850c0c2388ca263fc8ca6fede8cd413508b1cfa85bb096ebc1d23c0c4576b93338d29a3f6b553e46130fc26dcd012351f9f55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7614ae3301abe511525a6b391e7acf04
SHA1 f9cbaee58b83130d2aaab5dba4615856fd8aee7b
SHA256 899c09aa8ab30533ad8995f1ee58894587ff50e61cbdb3c8cbd4d67bc735c30f
SHA512 2bf1514e9442ee74343f2d00c604a96882917538906607ccece6e5d9bbd4eba6ece04e3302f8fb67e7fcd488ecf20dea040de6dd12b25068ccf4c8cbd607f82a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\621824f2-32de-4e71-9691-aee4945e3326.tmp

MD5 7614ae3301abe511525a6b391e7acf04
SHA1 f9cbaee58b83130d2aaab5dba4615856fd8aee7b
SHA256 899c09aa8ab30533ad8995f1ee58894587ff50e61cbdb3c8cbd4d67bc735c30f
SHA512 2bf1514e9442ee74343f2d00c604a96882917538906607ccece6e5d9bbd4eba6ece04e3302f8fb67e7fcd488ecf20dea040de6dd12b25068ccf4c8cbd607f82a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d4499d7908869a055c8df693c1a503c9
SHA1 4bc5b851dcf8f03398db7d5f606e1291cd7afa2f
SHA256 81c586180b82b132191626a3d8cf21ad15ae9a7de6593a2ad3645aff664f64b2
SHA512 753b0db336635ae08535cfcea94850c0c2388ca263fc8ca6fede8cd413508b1cfa85bb096ebc1d23c0c4576b93338d29a3f6b553e46130fc26dcd012351f9f55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6d2aa67e37835ff3895fa77a02966b10
SHA1 fc38d5aa024c148bc56f85e15659749f9e5dc2c7
SHA256 6cdb575e35757bc9781df770d8a3e26a89990cc4549315ff45fbc83f763ae5fc
SHA512 9e02ea7695bc6247fe4bfd7a9f0544c4bc84491abc61adee943513e170c89bd4a407d31c1af386d9ee8b3335ed3bccccfd99c54cde8155749776740176a8d831

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f818de7826580a62d7b9296712eefd5f
SHA1 118d5fd7c98490342a91e3dcff870ed910d20cea
SHA256 d53e569a62acd36fa179f8b9994c6aba649d1a1f93832bf8d3e790d34e261590
SHA512 f4d13a5b38dc8be15bae45f9074362ea95b0b00682300e2f611b0d4efd71bf562ad1a59bc11726318cb35efbf8882df5f0959b5e686559a03e582197336f7942

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a6eac18ddc16450b53d7a274a3331f26
SHA1 ee5ffe8e90dbaa0d32973fa7ed75609998bbbef8
SHA256 9eb38fb315e48d4d0a1ee9ab5c3df736eaa79ddd614bad262c9d45a16ea54dda
SHA512 3eb349821150370fda09a6c84be1198b19071117edc3cd08a22d4133ff644207559b0054490cf7b40f7b1864a86ca3912e3611d48b6b4d78d87c778edcdd1601

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7614ae3301abe511525a6b391e7acf04
SHA1 f9cbaee58b83130d2aaab5dba4615856fd8aee7b
SHA256 899c09aa8ab30533ad8995f1ee58894587ff50e61cbdb3c8cbd4d67bc735c30f
SHA512 2bf1514e9442ee74343f2d00c604a96882917538906607ccece6e5d9bbd4eba6ece04e3302f8fb67e7fcd488ecf20dea040de6dd12b25068ccf4c8cbd607f82a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f818de7826580a62d7b9296712eefd5f
SHA1 118d5fd7c98490342a91e3dcff870ed910d20cea
SHA256 d53e569a62acd36fa179f8b9994c6aba649d1a1f93832bf8d3e790d34e261590
SHA512 f4d13a5b38dc8be15bae45f9074362ea95b0b00682300e2f611b0d4efd71bf562ad1a59bc11726318cb35efbf8882df5f0959b5e686559a03e582197336f7942

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6c004443c781274a50a8d544505b5a5f
SHA1 39ec284ff954acd0f6c9a28c8dc6f6c9309762c3
SHA256 12012c64271c7e55bd5a1a34112038eb9efe612a1e060f56b962d5917bdb3abd
SHA512 84a99279b31a134579cbe00ac64a2336b679744d997c86c0ad3afb31f9635075a27c9631ca2ff783698825802b0f5f05b1917a188db9ba0e1dca7c589fb42d7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6d2aa67e37835ff3895fa77a02966b10
SHA1 fc38d5aa024c148bc56f85e15659749f9e5dc2c7
SHA256 6cdb575e35757bc9781df770d8a3e26a89990cc4549315ff45fbc83f763ae5fc
SHA512 9e02ea7695bc6247fe4bfd7a9f0544c4bc84491abc61adee943513e170c89bd4a407d31c1af386d9ee8b3335ed3bccccfd99c54cde8155749776740176a8d831

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d4499d7908869a055c8df693c1a503c9
SHA1 4bc5b851dcf8f03398db7d5f606e1291cd7afa2f
SHA256 81c586180b82b132191626a3d8cf21ad15ae9a7de6593a2ad3645aff664f64b2
SHA512 753b0db336635ae08535cfcea94850c0c2388ca263fc8ca6fede8cd413508b1cfa85bb096ebc1d23c0c4576b93338d29a3f6b553e46130fc26dcd012351f9f55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 27e18d7423f18324b1499e905a4d292a
SHA1 79a2f5834300c40eaa1db35d290122fc55fae807
SHA256 28d1737b8d971b4e6c2b1b38f30aeeac2db65602502777a816564c084d62e7c2
SHA512 ab219933f360357111951daa21a8a0959cf443ad5c7d1f76ee4e772ec339648b0e6ec05594351067c199286358c2d78c7b3b49f07608a5a738fd37a9476b136e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a6eac18ddc16450b53d7a274a3331f26
SHA1 ee5ffe8e90dbaa0d32973fa7ed75609998bbbef8
SHA256 9eb38fb315e48d4d0a1ee9ab5c3df736eaa79ddd614bad262c9d45a16ea54dda
SHA512 3eb349821150370fda09a6c84be1198b19071117edc3cd08a22d4133ff644207559b0054490cf7b40f7b1864a86ca3912e3611d48b6b4d78d87c778edcdd1601

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1412effbab8011fb6fa6bd49e45317f8
SHA1 4cceff180198e1e6f17a064ce802a5c8af789886
SHA256 1a81cf2a38e690eb50af1afea22b47b6c090b10af62c5cad64035463a2131627
SHA512 50652ed3275a855fdf47463efbffb0ef07dc0832b477b84f902b5b72b65a1b027e08994b58b7e543f92b0110b32d634513a3ef1b25ea7735d9cd9da6376334b0

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2FI7191.exe

MD5 e08afea4aa749c1e5231f51705d03ac4
SHA1 26861c212c3514c7773bf2e6c725ee9a5d943883
SHA256 c50721d6be14c7dd83969b6bab37700ae4168d6b3a20ff4fb4477b9619c96da3
SHA512 1e00d5c3a4576e03af041474ee2f611c4267642c9dd2d32a2d30b33619f5ea09380324d83daf80765dfc35389ba7ec0bb282be627ce6c20c7e61bb3a84d1e216

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2FI7191.exe

MD5 e08afea4aa749c1e5231f51705d03ac4
SHA1 26861c212c3514c7773bf2e6c725ee9a5d943883
SHA256 c50721d6be14c7dd83969b6bab37700ae4168d6b3a20ff4fb4477b9619c96da3
SHA512 1e00d5c3a4576e03af041474ee2f611c4267642c9dd2d32a2d30b33619f5ea09380324d83daf80765dfc35389ba7ec0bb282be627ce6c20c7e61bb3a84d1e216

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0abf5c550754ba72048321157e0e65c3
SHA1 addf376e2b04f5acbcc0bce7df1ceaeb03e21f89
SHA256 b93e9cb06719dbdf91c008b7e62200952839bde7edb934144a4b88d1703f1d6a
SHA512 96fecae26c0730bf7c5807c273c4954e12063b61e4024e4a397e63061ec989a8abd9dcf588f584d6ce6f6701e1fe4c20cfc9db8eb61c5f52b33f81edb0b2dfa6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 016322d0d7bc9b7223cf8138ce192170
SHA1 26f40c7e3e1b49ee7b9f401a16c9d8445cddca0c
SHA256 db30a0e29229aaac9506224c06b952ce85f613c7a7f2b3f4aa5c636e3f0d05ac
SHA512 35a29026c837c79c25234aead75c516b89288d9badd35a87565f690089df6606edce45304ae1586db561806046b008568d7da7fd94efeb83dcf61191feae8182

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

memory/7928-333-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7928-334-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7928-337-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7928-335-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0835347fb361e7075f52b5ac9e23aa10
SHA1 a516655169fcc4b8537b6bdd2ce4bd8fcf72143f
SHA256 ac32e3f0d8486e2ec1c8d4bf27553acfacc9b555674713d54708c16fa1c7e9ca
SHA512 c3c32c56cbec5c9f6ffec0c09d7ef5072bdc298b1b9c00fce36d000083fd403818b32a3ec8c985550d15301c657492dcc54d50d9e408a5378691c7d1eea047d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cf2a2890f4581a534f3482555d0097fc
SHA1 b8c0729402bc81c38fa3c9bb3375349b1941bf10
SHA256 f9c3d2c3b1d7b9e4ccb360d2f8895cc2bcaef2a69d090253cddf4af7e047635a
SHA512 bf9606451cfe51afd6daafde6f808daf4d31a43a067b0897eb8d42545af7b4fe7ed7fa3d083cd6f3805199fd8bb30dce0740e1b3eac6d29f1ee8cb721f949b3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586210.TMP

MD5 993ea4b3520bb32507de611a4e6c24a4
SHA1 620751ac0a5f6e96a800610a78381f4499df7122
SHA256 296efec082dd83df7b06aee6b7a4c4a9031260482c709d743828efa302d7fb48
SHA512 cb424a38ced0b7254c8ae3c5a1ff45c2b0d3387bc1ee57f224d73b1982eaab06b8f9d1bc5563a6e737015bac2d52626fe891931b235a41a3b973238534387be4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/5784-383-0x0000000000400000-0x000000000043C000-memory.dmp

memory/5784-385-0x0000000074F50000-0x0000000075700000-memory.dmp

memory/5784-386-0x0000000007FB0000-0x0000000008554000-memory.dmp

memory/5784-387-0x0000000007AE0000-0x0000000007B72000-memory.dmp

memory/5784-392-0x0000000007D50000-0x0000000007D60000-memory.dmp

memory/5784-396-0x0000000007CA0000-0x0000000007CAA000-memory.dmp

memory/5784-476-0x0000000008B80000-0x0000000009198000-memory.dmp

memory/5784-514-0x0000000007E70000-0x0000000007F7A000-memory.dmp

memory/5784-516-0x0000000007D80000-0x0000000007D92000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a93ef35ea32dd5ad7388910ccfd90f39
SHA1 306cb29f4d4424fd757d4a87fe4d3b27ae5be9f1
SHA256 510dcb1021dbd2b3ea30e127e1228a2e6dfd4d30792a207da79bc22bb45acbe4
SHA512 68bf05bfb10b4273f51adaf3a9e560b4eaa6a82377eb70658201eb0952c0e5874a541261415c054260b3fb30003e3f9de9042918d912a917617abf0a9cb9f1b9

memory/5784-533-0x0000000007DE0000-0x0000000007E1C000-memory.dmp

memory/5784-536-0x0000000007E20000-0x0000000007E6C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1e57389cb67585c1cbf24e6051a934d4
SHA1 60fd74b4ff1e4217cc6ed0f0485eb8bba0744279
SHA256 65db9d203768c1b92372d85ae9ab8c5782ec2a8f307be70bad68c6c662472060
SHA512 d82cf71cddc4ce5c3d0bcfa250b419c446def398b09340c5c7d186f813ed10b2a2eb8ed55803c5767791d2a69b66e8570ebc13503679c7ed7c178532ed2c3528

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3197286dc694cb6da650e1630a906b16
SHA1 ade7d5687937176c8bdc180b44278727ffceb20d
SHA256 037e3d8fb6cfba920de58fd71126895fc6e32043522d339b25de29f501b6cf4c
SHA512 4e4989e5e1bca2e553c3b4bd784641618999ae64632f16414b776e04a5a116d4e7283295f084453ea79878373d2fa4f6bc3591d30253aa34c4ca11e2ec03c5cf

memory/5784-752-0x0000000074F50000-0x0000000075700000-memory.dmp

memory/5784-770-0x0000000007D50000-0x0000000007D60000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 6cf0323d5afe6c7c0b62aa072dc78dbc
SHA1 7a83faa744dd290aee1c3733df0f61f853745293
SHA256 74332d780a0f59695900e1e95d1d00c5596e2e2d1aec34f068d0cd2e153fc9fc
SHA512 eb5e27fa8d015839265f86343fb5610ffcd7d918c6cddc0ed59be1a83a4793b6d6fac81145e83185999a030347ca1a438b73f850073ab86870d98cce921b8334

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe58e654.TMP

MD5 225ee1aa8cdef9ee135299e30d4ebe04
SHA1 1d219ec836c688eb6b1ca46f42cf807b2e9595c2
SHA256 353148674e4d699a6df3464546f5dcf6a08c38e193e20af5491a467c2cfe7ea4
SHA512 2f88c48a47fc311a8adfc126cd9e2ff817436598720bca323e73cda8246ffa5a034e4dddee52af1078226d96a52aa19167f28e28f8c64b31933766fb1ead613f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 549104ca94fec54b6c9425767333f9da
SHA1 77f20b6052ad10a9259511f0b346128e3c399d07
SHA256 bbd8bc859195383671b7611875a2f2ace657306bfbeab08f7c48325338f1e966
SHA512 d966b24d245aadc66c4e5f8be0c9e517252f5ea2eed63a73b9b7d4325f50863b4100f4d223c6381fa581ccbbbd6f76d0bf89cbc43c16c7b02205abd32f13ff13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 edab79d709c95ba832088fd35a0eee17
SHA1 7ae5870781a901b7e272f94d7b9c9aecd007be18
SHA256 b07df9b9e6bba83d6ce11429142ccaf5b066ea553e83195c5943b88d8b03c3e1
SHA512 1535eb97d653c591431221edc6c2de9cbdcdb6f7d16fd268cdd1830ca3a97693952dbf9ce4bc0df54f034ef0ce02ffe0c2d903f2a303d5ac35bdd3b7233fbd05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8e3c8ce372208b3e85d3d5e862a93b01
SHA1 67e491bb38c9456253af8e8ceafc0d59381a6778
SHA256 b26c1d87e01b5d0be14bb3014fdcd0e9a3e73549598f816e4e0ed3e177b40bee
SHA512 390764958536522c287b0cfdd158f9c32e93c2dc547f86e44b7ba2dcf1655d1d1653b112e207c4d5011166fc2834b2cfd0b790e775789c7f4bc34a9808a695bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2a3df2e58ac7ad4cdd5c6cb8dc0636bd
SHA1 12c241ba34688f86cd4e5a72569aa7457b1830e3
SHA256 cb5463fbd3808e412e03afd6b7335bc356b8278b32d0b7ae80ffe827f9c5e046
SHA512 d7554abbe6c1e09b14d3df08caf593ee52e3d8e062688d0d862203a992ce7b5f4d32452b17be998b558961dc8a6d4adb6a855e023b9d35af67cbf03235b60528

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\86589427-923a-40e6-99f0-d9da6d06357c\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e0a76724dd3f91f5645018b012b1f6d9
SHA1 f1235efb875ff11eea7426f6352c3f0dbf28d3c3
SHA256 953e7390682e3753b27a6945a98d15f5f35db5c33b30eb9330bd191e1366c80a
SHA512 90df9657c4d8e181e943c448c93f9e03d3538d1dbc43782b160aa58e340cffef9ef466efe3a401fa0059b617980a79101fcc2cc9b5e7baf8f4135c408de4a58d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 39264ff73148be10e574d2a280abfbf8
SHA1 5ba6ab0499cf7fadedc44d960b737537649df911
SHA256 c8502997088384d634cc667ed05f80a14b3e77de55a03f072b2a1f4491f90964
SHA512 c581a80db839350db0f2d3c00dda876f3e4747fbde0f28b391893641b4de439dd477d3f17c1f11e9fb6673e69fc0d42a74fa846f1cc232ca9d929b6b45164c1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c9a2cf469baf731a6feccf038cf3c94d
SHA1 6714803cf1ac371eeb3fc4bad2242687b55d4733
SHA256 18d570dda3296f31f3a11095be17beb0ef3ec7ed6cf3e7b31046f985b38a6aae
SHA512 713254dc7502549aac7550f38e87ccd2c194ba74ccee0328bde0b99d5ef2dae157d50a87ce6e76e6e04a8ffe7f46f2454c07b3eb47b9ed65d212c7d05b256c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\ad04bf07-94cd-405f-a116-38d6ce9c39a9\index-dir\the-real-index

MD5 38aac2e8f2da498611fe8527ec83b517
SHA1 01013d25c4de439297cdba9cc1ba93547eb5d60d
SHA256 1aa33aaab6eb8b924eb8ad97ea9c63c29a1666cf2262bff9dafc1891e6cc3d0a
SHA512 0c3b82b5a8734fb26cfdd54315b4e18b9a58a0c8b5f0c2a0108de1cbf59e7730ae10e8f50cb386f9156601f86ba61117b128bd5b30c2d70922432961577fe400

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\ad04bf07-94cd-405f-a116-38d6ce9c39a9\index-dir\the-real-index~RFe5937fe.TMP

MD5 8b340cb974e7a333ee69580ff161f0dc
SHA1 e9af13473876e6250e6ef8b3c900cb32ee54065e
SHA256 2d87fbceaf9bf371c557b8b65abf7e92199abfd0665b2ec52f5d115c25b3937b
SHA512 21922269b885c3a75827d04f928ac5321cd252ede7ab9e62b7b3bd9fac3a61470222b8438128c0cd955867de20fe58c5c934b30cc605a8f2cae2ad514720b07c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a676be70f6dbdef2b6dccd50bd1fc4f9
SHA1 0d0f4f78a00d6f97c5b141737750931a368f194f
SHA256 40b41cc06edbbfb8164d40ff672e2a9a078274fbc393ef77cf572ee8c0f16dce
SHA512 04a65f38bb686d3cb8b4a95b5e870db1cbfae5207a43501ce2a193781861d5eebd838dc006c7e2f2203a836f930dcd60713892868de9c9aebe15cccaca2b3c49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a40bcd06-cc9f-4923-9092-0ef78c674ad3.tmp

MD5 c8808e384c7c833924f5e89944500213
SHA1 aa0953c2bfa4bc023612ea6bfdf4751d82f45293
SHA256 7d4cc13bd7d73844068aa98f2ff331b155641874a10e5e1b89a1b57c15c992e2
SHA512 54fe24c9126f01a264a6f61c86856a192f89f72712757a395346b2a80cbfcb27b5c25834626310823d13aab8a81fd8195a6d5f21a147d4eb32eed5247985dc55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 aef9eb6369a0e829f94652431f23873f
SHA1 40f1dc10fed11f6f091652bbb077542ed4f574ee
SHA256 8496ffe09bf75b11cf8f609cc59ee8d90e465525e25562d7fba67fc95972798f
SHA512 47e43108a08e7f86e39eb86fab91183c0e7f25c5ecbc3ec7d27d77cabd8765a46604a408c60ac03ebf4340187803defc7b241d3516af75a8e37d6de27c69e631

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59679a.TMP

MD5 1ae05f32848fa4bb139901d7542bf167
SHA1 c8780bda7898611d9f0f0ffd2d1d047aef5ecb7b
SHA256 dd6d91d9ecf63b2ecb4e19395d8484c3396bb14f3756194e89a104e37d5aa4e6
SHA512 956fc38c2521e73f53ef968ade5dc379b33d5687f415a4a17993556143b7751ad7eb47b59e438a2c2a1b12f8f9bdb41a380be2939cdbb9d3eb11dac0ba32e522

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 48533d6749766b6e6d80f57943635e49
SHA1 77cc5d50f1ba680c41d76982c435dd5154113a28
SHA256 0f41b5d1172a07a1402f03208aaf3d60f6699fbb77a8b0eb5b38c82f4a985653
SHA512 a9f18079173db259bc3c7334d492061cfea057f114efb8244b79ed2e941fcc640ccbcf4db0ea29713a0b66a85265255cf1eb2820f6804ccada764075cdde894a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2d2aa32c1064571038948521570e6371
SHA1 d81b53ec4f3a4b9c5a4d1e5921a39348d79a2144
SHA256 c8da4bbee032169b043c6aefe5d2d7bc3a2094b85b5167432280742e3bc278e0
SHA512 55f273347b958f67b73c9427251d72ce8290ce6c503fd352a545e733d1994168a7c09d51361a104e37f9fc9b039339a247f9d90d0c613e5c45e96eafa7b10b9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\12d465ce-78c8-44e8-b8e3-15fe80117ce2\index-dir\the-real-index~RFe597d54.TMP

MD5 a69bcf730bf838fe746f45762ea69d9f
SHA1 e6c9b51aae0e46cd873f8bf1acfde0c19d92fd4d
SHA256 2e77543c8fbe04abd82fe8358a9e94725519f98d166367351fbca1d11f99552d
SHA512 1cae26ac5bacae35eb5f80d8873b5efb873e1482c6fc70394098026ea98823418a1db715c8df7357ea2269fad4ba8fc985897e53005fe5124d70cf491f3b91b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\12d465ce-78c8-44e8-b8e3-15fe80117ce2\index-dir\the-real-index

MD5 0da698e3e499e416237b804d50faa839
SHA1 18e552b6ddba09644235e5c6b2bcbb705ed37489
SHA256 82fb56872f2b6408ada78695673cd96bd01f652e8deca158c5813dfa878f1869
SHA512 ebef9ac822aefaf6b937d7ca3540dd31ab97c113ab5e3843b25f2b3cdbe561edf5b44c5cb4d574fb48cbe825b013a438d89f1b95a9b902c528d4743efdf0a367

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 084457e2fd705cbcf90d390d60c6c67c
SHA1 62316e96dc43e4593ef9c4f2219f3e524d8690f0
SHA256 b31967f197b615cfe3623c2b4f0e6ffc1fb4858512ac3e41c482d71860616de5
SHA512 65b82b4c8ae1d5ba5b6b8da5fad1e7e95957c052ea7d1bb986a4c80a6b2dfc32518b799e6b00b20cc65c1081f4bfc073931d49d2306c38f24cdabfb68006ba97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bc13ee02-7b6d-46da-841f-c49bbd3a44ab\index-dir\the-real-index~RFe598e8a.TMP

MD5 6deecbcf23ceafe1326be7212c422cb5
SHA1 12e3f3e60f5c10bfe1bd62a4cb911ca2ef00eb3e
SHA256 d0aa3d2310efa39398c9df7658652c8d2264133b61d1359fec759ed67a73166b
SHA512 a237fd430e5925d5a326cf3f86e04c38c0a35c8899274d186a0f0fbfea0f6cd2519484031e459b88f4b0dd389143db28a4a7e77f69e42b6940ebb3d22cfa3a96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bc13ee02-7b6d-46da-841f-c49bbd3a44ab\index-dir\the-real-index

MD5 92ba474589c1438a250266f8cbdd2945
SHA1 2f85646dc47fd76b3ac01335bddd3ae4555498cf
SHA256 79e13e19a969743e4b23999acfb663dadb4b24830066583c8dd629777f779734
SHA512 d38fa3dbf04debe7fe9dca76467072756d525a8422dae858e2cafc1b13bae9eea5a39b34a733c5a00b0b410f7161dcc2376522c5f94d71c511e3237fbbaaaae9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 58fd5925617b0be4c4714194fc1d6ff8
SHA1 507706a9c594b07d8d5ef43ca48e4349ba5a13d5
SHA256 595dc0ccbe83449522a144263f694bd470a7a3c4833d28d901a2bc2ffc2d87a9
SHA512 6a6b01260d802c2af3b6d213581bd726b2216eb5121bdfe552bea0fcc98b88e8ca9b95172b7768ddee92e4f8e42be6f0cf1c5045a748d37e7d9804b93534dca4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 67e4588dd0a7145849a79187a358648d
SHA1 c5be3a359aa105f0568207095d0dee19d36bea05
SHA256 4e4a7758d4e32159290f40d6530981016a30d10cc986cc4d23887161f1a7e8a0
SHA512 eadcf01d8cdd8ff515c183c5316e65f9546cd9f5a663e57dafd5582d542f39a3d530333fcc098da826d996156bf5bd459f1505514bf4cd2cc71b29bfb2a7a946