Malware Analysis Report

2025-01-02 05:24

Sample ID 231111-kgtbvadf74
Target d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5
SHA256 d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5

Threat Level: Known bad

The file d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 08:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 08:34

Reported

2023-11-11 08:37

Platform

win10v2004-20231023-en

Max time kernel

149s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Mw9hu87.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3668 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Mw9hu87.exe
PID 3668 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Mw9hu87.exe
PID 3668 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Mw9hu87.exe
PID 2260 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Mw9hu87.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe
PID 2260 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Mw9hu87.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe
PID 2260 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Mw9hu87.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe
PID 2008 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 3188 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 3188 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1940 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1940 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4796 wrote to memory of 3440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4796 wrote to memory of 3440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2784 wrote to memory of 4028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5.exe

"C:\Users\Admin\AppData\Local\Temp\d2c3332fba4108497746331a10bec457df1d3aa04bf0ac760679b5cf84dcc9a5.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Mw9hu87.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Mw9hu87.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffc617a46f8,0x7ffc617a4708,0x7ffc617a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc617a46f8,0x7ffc617a4708,0x7ffc617a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc617a46f8,0x7ffc617a4708,0x7ffc617a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc617a46f8,0x7ffc617a4708,0x7ffc617a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc617a46f8,0x7ffc617a4708,0x7ffc617a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9540468409161301043,13517945681771579804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffc617a46f8,0x7ffc617a4708,0x7ffc617a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9540468409161301043,13517945681771579804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,10828110837594205225,8372919179893587440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,8277880644132290827,7323206683902420146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc617a46f8,0x7ffc617a4708,0x7ffc617a4718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc617a46f8,0x7ffc617a4708,0x7ffc617a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc617a46f8,0x7ffc617a4708,0x7ffc617a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc617a46f8,0x7ffc617a4708,0x7ffc617a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WE7520.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WE7520.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7516 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Vf22sf.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Vf22sf.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6832 -ip 6832

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4080 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,11653568006939251544,15985705818876658712,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4712 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 twitter.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 104.244.42.193:443 twitter.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 150.240.123.52.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 184.73.197.72:443 www.epicgames.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 72.197.73.184.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
DE 172.217.23.214:443 i.ytimg.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 93.184.220.70:443 pbs.twimg.com tcp
US 8.8.8.8:53 t.co udp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.197:443 t.co tcp
NL 199.232.148.158:443 video.twimg.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 8.8.8.8:53 www.recaptcha.net udp
US 151.101.1.35:443 t.paypal.com tcp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 192.55.233.1:443 tcp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 138.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 c6.paypal.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 js.hcaptcha.com udp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
US 104.19.218.90:443 js.hcaptcha.com tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 136.71.105.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Mw9hu87.exe

MD5 e600b84997bd07db6087ef1bd8b10a71
SHA1 8f0d6867bca345f1d3792aa8e2acb002a5e2240a
SHA256 1a2692b6883322e36349f9bfec9a2389c4c988453af4b9a4887c6167c9b419b5
SHA512 fed5f0bd3be90b218aa40d3fe996eab5aacc5203d392f62576dbefe0756cdd61a9466b854a0500a259394c6c725e377c223976a3302adb669292cd4bd64224a8

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Mw9hu87.exe

MD5 e600b84997bd07db6087ef1bd8b10a71
SHA1 8f0d6867bca345f1d3792aa8e2acb002a5e2240a
SHA256 1a2692b6883322e36349f9bfec9a2389c4c988453af4b9a4887c6167c9b419b5
SHA512 fed5f0bd3be90b218aa40d3fe996eab5aacc5203d392f62576dbefe0756cdd61a9466b854a0500a259394c6c725e377c223976a3302adb669292cd4bd64224a8

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe

MD5 755ce6553276ef7f793323bc79a997a0
SHA1 96c025531f54d8b4dc14b8a089b1f38abbf5d02a
SHA256 5e41bd1cd1dd19a353a2c25052b986272c4caa9cfba456b11cf2182cffa0f82d
SHA512 36cfbcdaf73fcef1e077a0eb81a6adf48f3a8429a8fd0f3ab4f3d492811d0b8a7e2724c1623cf3ce0d285655d6beb5401372935125e10885d5ea7696c14789ec

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1jx04ww2.exe

MD5 755ce6553276ef7f793323bc79a997a0
SHA1 96c025531f54d8b4dc14b8a089b1f38abbf5d02a
SHA256 5e41bd1cd1dd19a353a2c25052b986272c4caa9cfba456b11cf2182cffa0f82d
SHA512 36cfbcdaf73fcef1e077a0eb81a6adf48f3a8429a8fd0f3ab4f3d492811d0b8a7e2724c1623cf3ce0d285655d6beb5401372935125e10885d5ea7696c14789ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ed1059501887ca58bf7183147bc7e9bd
SHA1 2f3fae395180943a637a4ae1d3a4b374b5a13a42
SHA256 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89
SHA512 d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

\??\pipe\LOCAL\crashpad_3188_UZTPSNGANFGQMEZP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2784_NAMCMXSVRUNCWZHT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 546d3f22d49cebfb96cb6f11139ba622
SHA1 8745b549072bc161b1ae1d0ee2bcb3f7fb8d16e9
SHA256 5a31e5c91c8bf0af0ded6d97cddf70d07f023ff0b3e8ce3f845774264031b759
SHA512 2a365026ad1128b797200185cd5ea7997cb7fd67c1eead7e10b01205428607922cee37605dda8704b468fbf7616748fc8a19efc267ea18c14e583764a77d6cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4af87d96e4c63095a5dee4b5907b5dfc
SHA1 a21222ccbf13f353e9511cc763dd7a52e018b1c9
SHA256 cb66b443c7990c752f0369cdcf26a2ef028cbe579f2b124cc49b8d1b47924a77
SHA512 712fa7be3a457b887bdf0b45aebfa68b5cb78ea627d2fe84c0281606aab94aa88fdaa49d41c862add7243e13612a5bef6ccd38425d6ac8573c28fe597461728b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 47e69d4eb3f1997e72382c86cf376363
SHA1 1019a96e573062df3c759fc5ca3e57b477cd86af
SHA256 d25cab80c4f5559d8520127b87466b1820040d534d49db58959614af58826c86
SHA512 7e4e08aff7f23599cb1ce8d8b8d87c205c59eb7a6764b2aaff0f274d1fe2a2e2d8817e16cc90e4e92c67bbfd7210ee769732c3d0d9ca61e59e77947242784b2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 47e69d4eb3f1997e72382c86cf376363
SHA1 1019a96e573062df3c759fc5ca3e57b477cd86af
SHA256 d25cab80c4f5559d8520127b87466b1820040d534d49db58959614af58826c86
SHA512 7e4e08aff7f23599cb1ce8d8b8d87c205c59eb7a6764b2aaff0f274d1fe2a2e2d8817e16cc90e4e92c67bbfd7210ee769732c3d0d9ca61e59e77947242784b2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 546d3f22d49cebfb96cb6f11139ba622
SHA1 8745b549072bc161b1ae1d0ee2bcb3f7fb8d16e9
SHA256 5a31e5c91c8bf0af0ded6d97cddf70d07f023ff0b3e8ce3f845774264031b759
SHA512 2a365026ad1128b797200185cd5ea7997cb7fd67c1eead7e10b01205428607922cee37605dda8704b468fbf7616748fc8a19efc267ea18c14e583764a77d6cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4af87d96e4c63095a5dee4b5907b5dfc
SHA1 a21222ccbf13f353e9511cc763dd7a52e018b1c9
SHA256 cb66b443c7990c752f0369cdcf26a2ef028cbe579f2b124cc49b8d1b47924a77
SHA512 712fa7be3a457b887bdf0b45aebfa68b5cb78ea627d2fe84c0281606aab94aa88fdaa49d41c862add7243e13612a5bef6ccd38425d6ac8573c28fe597461728b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 546d3f22d49cebfb96cb6f11139ba622
SHA1 8745b549072bc161b1ae1d0ee2bcb3f7fb8d16e9
SHA256 5a31e5c91c8bf0af0ded6d97cddf70d07f023ff0b3e8ce3f845774264031b759
SHA512 2a365026ad1128b797200185cd5ea7997cb7fd67c1eead7e10b01205428607922cee37605dda8704b468fbf7616748fc8a19efc267ea18c14e583764a77d6cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 01b3dd6b8afea425534c55c1dc90d4ea
SHA1 ff05db12f30cc9a8dac5a6316cc7624ac34dbd8e
SHA256 05fc7e0dd13f6b50cd445c84efe63823dcc365d70413fa2b1485b4a5207838e5
SHA512 cc415fafd2d31984372ccc78dc768dab3de30c03fc483f01393a2f67abc94eb5f143691d182c1901bdde4559ef5605b75c655db80b0d9ffc356dfb5db7448e95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 47e69d4eb3f1997e72382c86cf376363
SHA1 1019a96e573062df3c759fc5ca3e57b477cd86af
SHA256 d25cab80c4f5559d8520127b87466b1820040d534d49db58959614af58826c86
SHA512 7e4e08aff7f23599cb1ce8d8b8d87c205c59eb7a6764b2aaff0f274d1fe2a2e2d8817e16cc90e4e92c67bbfd7210ee769732c3d0d9ca61e59e77947242784b2c

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WE7520.exe

MD5 8f5aafa7dd19050ed7cf132c6adfc8d1
SHA1 667437b4775b19c0f5b34aaf285269582c48e5c0
SHA256 4e2a07dc4ead1bcaf7e78a5cb5580c5ce2293234abcea72c08ca4e2df04c3f2e
SHA512 e1de76c10fef72d9b4230b12d9065ee47c0aece335023d60a7b1084c121a4846cc399e55d1d80d67f90cad8289de56ed96046ed2a0b07ab1e88516c983002d4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WE7520.exe

MD5 8f5aafa7dd19050ed7cf132c6adfc8d1
SHA1 667437b4775b19c0f5b34aaf285269582c48e5c0
SHA256 4e2a07dc4ead1bcaf7e78a5cb5580c5ce2293234abcea72c08ca4e2df04c3f2e
SHA512 e1de76c10fef72d9b4230b12d9065ee47c0aece335023d60a7b1084c121a4846cc399e55d1d80d67f90cad8289de56ed96046ed2a0b07ab1e88516c983002d4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/6832-192-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6832-193-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Vf22sf.exe

MD5 fbc6d505bc02bc28d6fcd297f4b0cb46
SHA1 a41685f43afbe5e70bdebab0e11f33163ccab625
SHA256 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e
SHA512 c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af

memory/6832-195-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6832-198-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Vf22sf.exe

MD5 fbc6d505bc02bc28d6fcd297f4b0cb46
SHA1 a41685f43afbe5e70bdebab0e11f33163ccab625
SHA256 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e
SHA512 c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4af87d96e4c63095a5dee4b5907b5dfc
SHA1 a21222ccbf13f353e9511cc763dd7a52e018b1c9
SHA256 cb66b443c7990c752f0369cdcf26a2ef028cbe579f2b124cc49b8d1b47924a77
SHA512 712fa7be3a457b887bdf0b45aebfa68b5cb78ea627d2fe84c0281606aab94aa88fdaa49d41c862add7243e13612a5bef6ccd38425d6ac8573c28fe597461728b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a3b1ee2722ce833a1969661acb55e773
SHA1 82df238509b5634d86fa43042bd895f0718746a3
SHA256 eeec5df79bd33e8f354cdf52ec64c667ff7cf888462103ed5d064145b11d0145
SHA512 f02de9a393efde1bdce99e733371a169083854f48cfaf7d9a539f8e443d5008d537fbbf627db635c8e2b8f427113c19288e5c76192af74fff8a374645faf05b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4aaeea99eaf8a9ed1209713bbc533ce9
SHA1 e11896762ed5f13ecc6972f5b1bf95ad9e71420b
SHA256 61587dd06fc51c5c5f5fe47e93e03f029ec52a513eda530e7badca5f5221d3c3
SHA512 41f4ebdfbc32c55876ff1ddac9eb60f3c87cad2d47e95f3ecdf8d50e18b6b756b9b98377309072318dd67e1a233a96e9f5b784ede24543fd108f8c0d4603860f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 0b8abe9b2d273da395ec7c5c0f376f32
SHA1 d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec
SHA256 3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99
SHA512 3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

memory/6896-234-0x0000000000400000-0x000000000043C000-memory.dmp

memory/6896-237-0x0000000074B50000-0x0000000075300000-memory.dmp

memory/6896-240-0x0000000007FF0000-0x0000000008594000-memory.dmp

memory/6896-243-0x0000000007B30000-0x0000000007BC2000-memory.dmp

memory/6896-257-0x0000000007D20000-0x0000000007D30000-memory.dmp

memory/6896-262-0x0000000007D40000-0x0000000007D4A000-memory.dmp

memory/6896-267-0x0000000008BC0000-0x00000000091D8000-memory.dmp

memory/6896-285-0x0000000007EE0000-0x0000000007FEA000-memory.dmp

memory/6896-286-0x0000000007E10000-0x0000000007E22000-memory.dmp

memory/6896-303-0x0000000007E70000-0x0000000007EAC000-memory.dmp

memory/6896-304-0x00000000085A0000-0x00000000085EC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584ed7.TMP

MD5 e7fc40ed004fe9f40495b220c0347fd7
SHA1 e74cad4d03ffa3797fd020e1a54077d53d875cf2
SHA256 33dae06111643286ffe2836e9263f74fd7bd622e08dee5d0146ce77cbb3a4929
SHA512 8d564fc74128b3311eb2b2760bb2bdb21383ca918b093d89b10c0e85ff43d58f42c9dbfc577828aa8a23768448caa9cf2159eb075793fe190e2e12fdd29afc70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\20663ce2-b189-4ee0-a970-5adc7f04c2a5.tmp

MD5 ba9e9d1f6fe4b2bb64e4800d92c52840
SHA1 b1a762f3d49d3407a25353a4b7380fccdfd1b1ec
SHA256 cff5bde222db0b8fc8500852549ea16b7c4dfc1c3617322de80e46d15929724c
SHA512 7b9a7c1d7d62fe3dc9faf9f6e331f4d8278ef5d80a4e710ebe62cce1abe8245506d897f5941af7fcf73b8dd4da5dec6753fea686c83488bc20bc7845d9c30477

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

\??\pipe\LOCAL\crashpad_3428_WKVIATLYUGDECNGO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1940_NKTWNOSEHSNYJWAQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b16a2ed5a523c6d59549b9459aed2313
SHA1 be2e9eb1dcead959c41a4d5e37f41b177a9924d7
SHA256 f92366a640d7891a9c89af7abd646515fc2fd3eaf0b306e33876d2096f65fb8f
SHA512 8c0d19d9e92d4872b72110821bf5f62f88ba02278ef85b347dcbcfaa9396ad0690b14a983ce9e6ae46b193ae22742c91dfee0240ce144b07b977e47b9a5ff8cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ed3502f0f08e5a67666073cb2ee9838a
SHA1 e5f5fbb8331625aa441ff525b74573a42676c211
SHA256 03d196c6c1b612089cc80cb50c86f1945ab938f6b399fbd102aac4c4b88e2a0c
SHA512 57dff4134753c04e15a90428ee2401869d7d27642ef9badeecfd78b94aac3215c0f0394a330548a404a544870bb15ccfe1cda6a1d32f2f4b3b1fe6bceabc2d9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe587c6e.TMP

MD5 5b8fd057a8258c433517eb76c26711aa
SHA1 f71312f8f1f0194a1633eb05dd3619932ef29be6
SHA256 c3b3766ab660e7f7148f6c4b7021011f31a46d5a09b5655f519df70adff7ef9a
SHA512 f0c943f431c72e14a51606fae6568340ea4e401fe93346a0a6887cf56d984757d0a771fde4c5ac2f8ad4765249e60c132aac1d1c787425fb489e4d8d0e093866

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 23f54c87e1e3512f673663d8e3854280
SHA1 4734d9e605a587c150a5e382b6fe3d55a3df7a50
SHA256 696d762a77d736ad455895f54f8ca53aea5ad9c228fe03cb66c41764fa2106dd
SHA512 856aa04a00d453a1780c4c5042b044f82d3fbdeec1fc2da0ff9f58f41e49efcf2af3719a89049217eb4d9f7116f201f3945fa10d52fb17aa529dcec8f69ce201

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 38b2cb24145df470b766abb39530c3c7
SHA1 3a9ca9ef128ae50f0c168a6b2548d3598d154acf
SHA256 a89dccdb898f688663e19702f58a7605fc27a8719b04a8fbede4c080c29b12c4
SHA512 295707e92d902e654c8fe5f6da6c20f5c84000a1df537d67d68273e095af26dcbd6883d01afe94477ce9b7374ba98159485f89ea5772e58851fadaf86a2c75c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 cb21d63bb7a64922e8a3907fcb9512e5
SHA1 5e48ac3950fd0f2ec3e3cb63c7edd9ed5d8e14cf
SHA256 5277d92b7dcd843fe7336c7ef2480235def3dbbca61b20e85fa5a472b1b1bc9d
SHA512 70758c2506a624fb9f2bac9847cdc74f94d643cf1671a0814fcf6308868873215f862a6902d2cd19e72ff67c78df4427e596e8be5232cd34cd066eb7d5f065c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe587d49.TMP

MD5 9e31c3438db25987a46b5a58b747600b
SHA1 dc955e1fecb4b88e0818a9f0fef186c665dd128c
SHA256 5963a669a82adabced19cfbb8ecad5cab996edc73550d6badf1a486e8b6bc167
SHA512 a93464c23b6027374687816b5958961b8a3a3ecdaf2c636e468905abad7cc0b3e7f044d41c9c4a3102c6862746b63513cc83bccfa97b092e74d1b0856fbbfae7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\834b0eac-5d31-45ce-8705-a2c5b2da4b6e\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8f82f35733ba26969c2d48877dfb7ceb
SHA1 8f5a2413860e2e829ec9c5adbe716aa0e862a26e
SHA256 03dc153b5f8f72ddd60911e57cf5c0ced58f00f14d9bfc988a3767ff1a0811aa
SHA512 2c8d238c212f095d9e716e339cd81be2003ef6f71f19c19ec997fd0adb3e6ae15ba84655b84aecf95c323eb1ae95afad866a8792d88851d71abb5ea5a268a30d

memory/6896-953-0x0000000074B50000-0x0000000075300000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ddaafe82e0a3b2ea1929ecf86dd8bdb4
SHA1 1dc6036cc992798363c330b265358d2ec5521764
SHA256 79fd71c65e095aa56faa0a552d634bde4504ea1b823da6ee94bf26dbbb7dd05e
SHA512 61ecf40ce03b05844f8859a73af216a5143c37164bbde6627e7fd9c70a1fd64f6042b94bb186fbd89d0b4b2a5d4b6c0eeef29ba3f0d8426970cc0674dba42fff

memory/6896-1035-0x0000000007D20000-0x0000000007D30000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0ecc078d505df4df7cda75c348485529
SHA1 cf457b1bd697a5d1eb14ac2bc1151866bd5edd7f
SHA256 cac80a5f996a75612ac33c0d882b04c643e22461a9b996655e49f1e0068953cf
SHA512 9c869fe53c323056150e2ac4887aab2691da71c13e2cd7baac335ede36eacb63da14e9df65d631c1f900749f9bdf17f639e38377c5222f67be745b32914c051b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 638159d015ae6d945a80e6a5916f2a86
SHA1 cca6ce366ade965d6cad991ff50531e91307af52
SHA256 645f3616e26d5582afb346ccf50bf4067b3e2bf0b7e4217b52f7cf565ff18947
SHA512 861d88a695c812d1f1a0679540a0aba96c8e85f171bdbaab02163947768de5d687125c2cfeafa9e34d0e11495d0ac06004fffdc5ccca9af8c3cb3c7a65cce098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\834b0eac-5d31-45ce-8705-a2c5b2da4b6e\index-dir\the-real-index~RFe58d04b.TMP

MD5 31cdcdc949568ea9b7652cb0eaefbe8b
SHA1 b059b16732108fa878303521a5490241620efb0b
SHA256 d59193fd1dc420772731f2e5276f282d68e532bdb51e7def14dc46bafb60297f
SHA512 c6e0e282885af7246d06f406fcea77a2029cc68edfa8ae0e1885186b2e5941e4a77147f36794494cc75b39e0de602e9d2ffdf5d8844b2b0eaa1365510a70d2ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\834b0eac-5d31-45ce-8705-a2c5b2da4b6e\index-dir\the-real-index

MD5 396668bb2bfaf398aa740b07ca4ea350
SHA1 093dfe3cd43c237d754a5d664dd52ad598274298
SHA256 c7fdb1ec419383de1e56fa65b3d41d4cd1187fb2b6be0a488cd7ab58e83da515
SHA512 e19c9ef6e071850db3fd6cb67e36f8cff07bf4b01fc7f80c0b9a012d27dd6c2e78fe4a5f42f186fd5d50d3de516e0cfe1118c5ff820266ac4aaea392576cc39e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 48d11d6a6114f6d60ffa38b386f3bbba
SHA1 a5f2981f1db6012e31d6f4edb73caa3c7668a58b
SHA256 d877911d0242b0630a748071305ae2d04ee10ac79950e94fd930204d968635e6
SHA512 8428070756079431508ea909b9641a4c47e6a2bb10f0726a27ad7ba66b0356477de63bfd68722b96fe0f9a1202047af11c8764cdf34616d26bebe2cafb168893

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 00254980370b7f326edf1e03d86d1134
SHA1 afdd56eb21bcd2df60728e1bd94b87669af05c2a
SHA256 6e7380df25a5791fda77da56380a2f156f22668e19812026c2cd81e8539806d4
SHA512 177f765c03310be5af1baa37ac6bc1208369ab562a694f79aad392d4029ef8bfd1159ae0ef3e86c0f230bb403e4f0876ee6f6ac8cff8bd59a5b3333219e5d1df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d48338d36c40559348004ec984b5993f
SHA1 2135cde69c2b7a2aeec7def5ce4427895f60dfc6
SHA256 5e9325a8010d2c66ed620eed8256455fc5aed3fd7755b2274ea2d774a2260ed7
SHA512 2558dcf98d89e4af2741029567ea40fc2f4db420a506f95bac3a2e2ec79af67a5dd72c0939896d92272bc9a592bdf0b4ed2aef1efa42fdcf03c9c3aacf9bbbc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e43092786d466e2e3d1d036d78f059e9
SHA1 c8b5dfa91233fff0b779d9142838d5821a2f6618
SHA256 2884494f3486ac0216492f331307fda40da1a9f201c377c9030a71ffaa2268a8
SHA512 0cdaf75b8f6885d110f60a46a99a776cf7a1b79f5b7687795e71cb779bedf401f343ef06d00eefbc3af9a257ff8980145d5cf173b7f44cdf19e41746fe6226c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5909ca.TMP

MD5 dfc692f9180f99f814ab3ae98c4a7e51
SHA1 ca6991e500f5d87739c0848d6461b0b51cb401d7
SHA256 c62a2a895ebf0b0b650847d5286f9bbadfa0f8d284d03459b8f107446d40a76e
SHA512 a39d936b43080287dbf4a0e4e158e48e0c23120cf0cc496df19dc436506c53b24b19cef7ebf14503ff353d4bc0242ab0422ea4097824b96fef0aac6defa15ceb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\408e492a-a876-425e-b6fb-2f09e44ae59e\index-dir\the-real-index~RFe59167c.TMP

MD5 c06cb076ee6b3613a9d4d1e010dd008f
SHA1 bb653aa2594f788814c858d1628f29f7bddb4c41
SHA256 97430efb5f84082f3f6596f00db95fa2a9226d9c76fa99b7ade947dde0c47262
SHA512 7e3b04dbcfce7530f0f523f943b3afd4771f0aecda35096bd71e56c971b694387285348da20fb5ed2c09da08987421c984dcf214a90c7716bae9e6c71c67816c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\408e492a-a876-425e-b6fb-2f09e44ae59e\index-dir\the-real-index

MD5 97e2a6c2629aebf4c8ac8df53d771248
SHA1 2865067dec1da2861b2d27641a2f2e3835bd5cc1
SHA256 83ced4eb2e6d0c7f452ed88966092a0a1a7a00a9286d67b1063606c356ceab82
SHA512 c8ae4c529fd5d583ef29ea221b9808be030cb969c3448707fb8fb781857eed074357f44976771a719b0a5834df698a582222761ad0e2445e4e89fc72212672bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c376b94d26176752c15e1c51d27b4f92
SHA1 c9e94dfa4a08227084e8a48604f97127b584c398
SHA256 67f6e641b0512b2dfe983a0a630e2a2ed576b8b0b1a28d7d62019b887d888989
SHA512 f63e5c4d49cf8c27dce77167d1eb642877739621a129076f56625b2ca48df6e690944b2ba7e8d33f5d36f40d1c9ae4c5676c845efa6022f1eb1ecf281949da10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bd4bd7b3163735602090c156dc41f9a7
SHA1 f0d57fb96b90c144132e1b2654e4c06a7ff624ed
SHA256 175f8cd53f557e655222161e0e2a48c126c34e153625705769cd9bc7ed8fc9d1
SHA512 f7095f37094ccd3fd283abc76f65ed365ed1039c53e082dfa052c28c2a02ff35a5d5fe4a1714a00cde5cc65a3a2c56e9dbd656bcc44f3db0eeb82a7087153ad0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\42836c7e-1b5f-416e-a5d1-b6424f2a0604\index-dir\the-real-index~RFe592e1b.TMP

MD5 59259fc7b399b44a1e9cd28fda8e3d0d
SHA1 7d202d75754f409dc5eaa47b8625687959c9b4e0
SHA256 c582a0824babaf41ae37608fe4ebf335cc659267e06ab38804610826b12061a7
SHA512 36c1cd8a5b50c31e04c6fe05773485fad3b68e9ab859856245907de49ea535a19613b8aad2d1eb13ed7eceb058ad2635e894f6f144e99f88390b233c76b83bce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\42836c7e-1b5f-416e-a5d1-b6424f2a0604\index-dir\the-real-index

MD5 e1f85ecd60f99820c541d9d24af4f472
SHA1 fba5092f07c07804fb4febc84c705c57daf74914
SHA256 20505ac21b2a4291002fc5169c3fba878ae3ea47796a082379839f6fbf4ab7a0
SHA512 092d97d5a6d64ace29895b0db8d3cca76b062bf84ce024a1d216aa787c24d0629f49a4b4e6bc23b21126ed207721a3657685f39b952aef15e6fc4946fa53305f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 0256c5d6c45991e3cf0e1d6110ca4850
SHA1 2c3205be003acdbf6207646c3fde6ba95d16a035
SHA256 bf6418653ba908b19f5e3b22fe76c8856d79dca52f27af8893af1a7371291cf5
SHA512 f256b73a0028d0893c7adc05c26335d231732a51343f8e10d993073b07944cff74acab64cbedbc12c7b0195a8b84f7b26b9f0966ec66ff1eab62eec939c3b054

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 567af9ce10b5ee853b92b2b6cdb39103
SHA1 bca01d7d3e4dae0e5bf0126830c8479881900a7b
SHA256 d136bfb4166ec5a1b39ba6c2874a428e7faa956e0e7e3765117b12260debfdc4
SHA512 c081f18039b73d992ef8cb06eb7ecd70fd762d1a2f8acbd73bba98cda94c79352903613512c38864b3c73f14655e6e88d67752c0537bf6325a987f61efabffcf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4d4c1b730772caf59b57571cb90ac585
SHA1 d7c6c81379d06a156aa12fd0bbf26b35dc181720
SHA256 cd3f6f492cde5b03d9817d1685678fc9616d23c2b1e2bd3480471c05b945a63c
SHA512 a4654543b995de3ca2fbb52384abdd7e03300d93ab053221e7a1b84809d9fb23d1fc004bb6b6504eb9db715a1996b3c5362553fc3bd7f5a96b6bdaadf530067a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cb90ad572a59cf3407c7ba128c572428
SHA1 edf48678c8a78e05c7900f18a077273e72d419c5
SHA256 0162cbb0372548cbca532b436561db6d1faca99af98f821f26cbe4aea84f9b30
SHA512 85e41df869f4171fe4c86927c00083865f07731d63d3756ea737135edf8fdadcc9775933807acc563cdc060a49d1e45d4c8d378bce565ef72d0fe4588ba4feac