Malware Analysis Report

2025-01-02 05:19

Sample ID 231111-kr5smacg2w
Target 2b59c6080f752ad965267461dc8bf430.exe
SHA256 ff57691d66470d2461913d6f28816d2a53f4a534f0711dd2aa62fecd1a47ca22
Tags
mystic redline taiga infostealer persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ff57691d66470d2461913d6f28816d2a53f4a534f0711dd2aa62fecd1a47ca22

Threat Level: Known bad

The file 2b59c6080f752ad965267461dc8bf430.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence spyware stealer

RedLine

Detect Mystic stealer payload

Mystic

RedLine payload

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

AutoIT Executable

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 08:51

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 08:51

Reported

2023-11-11 08:53

Platform

win10v2004-20231025-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2b59c6080f752ad965267461dc8bf430.exe"

Signatures

Detect Mystic stealer payload


Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload


Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\2b59c6080f752ad965267461dc8bf430.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zA1sA81.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ok8SB40.exe N/A

AutoIT Executable


Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4876 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\2b59c6080f752ad965267461dc8bf430.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zA1sA81.exe
PID 2188 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zA1sA81.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ok8SB40.exe
PID 2088 wrote to memory of 3892 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ok8SB40.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe
PID 3892 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3892 wrote to memory of 3888 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3888 wrote to memory of 4300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3892 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2244 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3892 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3892 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3456 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3892 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1364 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3892 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3892 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3664 wrote to memory of 1852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2244 wrote to memory of 3360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2b59c6080f752ad965267461dc8bf430.exe

"C:\Users\Admin\AppData\Local\Temp\2b59c6080f752ad965267461dc8bf430.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zA1sA81.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zA1sA81.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ok8SB40.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ok8SB40.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa037b46f8,0x7ffa037b4708,0x7ffa037b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa037b46f8,0x7ffa037b4708,0x7ffa037b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa037b46f8,0x7ffa037b4708,0x7ffa037b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa037b46f8,0x7ffa037b4708,0x7ffa037b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa037b46f8,0x7ffa037b4708,0x7ffa037b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffa037b46f8,0x7ffa037b4708,0x7ffa037b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa037b46f8,0x7ffa037b4708,0x7ffa037b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4vj6jg2.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4vj6jg2.exe

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5TP17gy.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5TP17gy.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7496 -ip 7496

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6zT225.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6zT225.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network


Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zA1sA81.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ok8SB40.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3PO146vG.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_2244_YQZJAXGSEGQOXKVE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_2476_RCZZUOLPRVVIFODJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3888_JPXSOLBDQZLWRMND

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 49cc549237ef69b8d3a5916b9585f092
SHA1 b66fb6655889906bede1495064be9b69e4bb4666
SHA256 329f7abd825e1705e9edebd21db0d0e7e1c602ff5c45d253746f29b3dac66f5b
SHA512 6e8aae8a6ec5d8f2d7822f60f25be450f2f2ae6e7540bd0b7ed4e208e8481aa7aa1becf627b2165c6c140d7006601de326b17f46de189b11231a0409e8e6735c

\??\pipe\LOCAL\crashpad_3456_OMKKWVGPGLIDIFFP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4046b5910a94e36c3a6e94c8b503ecd3
SHA1 75cdf8ad11425a5e902db93ad508da9549e648ae
SHA256 63bdf9fc4a02570bb39a6d87024ae2a803bf0f35f6845e1557ceca8cd7a6587f
SHA512 8f105bd9fc44c1da8996a1fc67c906ea8c64fc9904eaeb05aa2da9cc870af0c90ed3c7b7c12b7a3ab9b2e88d1b684ef1f1dcd5955ebdf22966ece2cbe95a0986

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 49cc549237ef69b8d3a5916b9585f092
SHA1 b66fb6655889906bede1495064be9b69e4bb4666
SHA256 329f7abd825e1705e9edebd21db0d0e7e1c602ff5c45d253746f29b3dac66f5b
SHA512 6e8aae8a6ec5d8f2d7822f60f25be450f2f2ae6e7540bd0b7ed4e208e8481aa7aa1becf627b2165c6c140d7006601de326b17f46de189b11231a0409e8e6735c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_1364_DEVZCYPYKDLDFVMK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2d9ff5df2c45af404c9de3a7273edcaf
SHA1 a34827a7b32833c165dafdf5321388f5cc32c365
SHA256 c044eaf20f9444037bcf03077a537f254080adab084d0eb07ceffbd0ac631250
SHA512 955bd8b1393046194a030899e946fec21a5e3848ba94288e52ea686664782b5a0714018518c9fbf65fd18e739b1a61b0354e9ec5db9c678e0ce1cd5e2ed7a3cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2d9ff5df2c45af404c9de3a7273edcaf
SHA1 a34827a7b32833c165dafdf5321388f5cc32c365
SHA256 c044eaf20f9444037bcf03077a537f254080adab084d0eb07ceffbd0ac631250
SHA512 955bd8b1393046194a030899e946fec21a5e3848ba94288e52ea686664782b5a0714018518c9fbf65fd18e739b1a61b0354e9ec5db9c678e0ce1cd5e2ed7a3cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 954726bed9f14bafa81f75aa0aaef8cf
SHA1 c5c1dd2f300e0a6f9a5cde96d8959d5dd5817dde
SHA256 4095fa0be112445d7bd5bb6fcc7212ca8a1e79e6428880980ccdc195250e99ca
SHA512 54db1567d09f2fc883e8fe996b1a0dfc160b6b7ad76d8a6dc14a6121fa3ad5f2f8d85be47cefba915ce4f8e04878b66bce456fbdd99e815148238aa2cc128443

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 954726bed9f14bafa81f75aa0aaef8cf
SHA1 c5c1dd2f300e0a6f9a5cde96d8959d5dd5817dde
SHA256 4095fa0be112445d7bd5bb6fcc7212ca8a1e79e6428880980ccdc195250e99ca
SHA512 54db1567d09f2fc883e8fe996b1a0dfc160b6b7ad76d8a6dc14a6121fa3ad5f2f8d85be47cefba915ce4f8e04878b66bce456fbdd99e815148238aa2cc128443

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f20c83531965d492bf524cf5b6ea74f5
SHA1 cef96c0986f669d329d322e43c303b3c823e0396
SHA256 4a2df463f33104e6062ca9d382fc6ca066afdbe68ffe392acfad70a6e3eb1da2
SHA512 03dbdfb6501d0aeca3fc16df8bdbc9bd4cd923509df21c37dc08fefd3eae0ff2141eb685d071f795d79b6e450f143f3b78feddf30dd67ee1e410b2199fb88099

\??\pipe\LOCAL\crashpad_4160_RFZRTSASIVCVIQPJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f20c83531965d492bf524cf5b6ea74f5
SHA1 cef96c0986f669d329d322e43c303b3c823e0396
SHA256 4a2df463f33104e6062ca9d382fc6ca066afdbe68ffe392acfad70a6e3eb1da2
SHA512 03dbdfb6501d0aeca3fc16df8bdbc9bd4cd923509df21c37dc08fefd3eae0ff2141eb685d071f795d79b6e450f143f3b78feddf30dd67ee1e410b2199fb88099

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4vj6jg2.exe

MD5 8f5aafa7dd19050ed7cf132c6adfc8d1
SHA1 667437b4775b19c0f5b34aaf285269582c48e5c0
SHA256 4e2a07dc4ead1bcaf7e78a5cb5580c5ce2293234abcea72c08ca4e2df04c3f2e
SHA512 e1de76c10fef72d9b4230b12d9065ee47c0aece335023d60a7b1084c121a4846cc399e55d1d80d67f90cad8289de56ed96046ed2a0b07ab1e88516c983002d4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8e1a82db7b8815c0a02f9bf84fa5aec7
SHA1 5d15edc853b5a061a32509ccfa0a19dfd4fd82fe
SHA256 189b3ba1f8d2b21dfc2b0821fa90001dc20b04c07b1440b7c06a97f769621232
SHA512 0280a8e05767b0d6988a2dd2f93b003ac52174a45ead11dec796905ce29f28e295572bf400d6df374d00fae99ca2651b838b1328a2015f6d1e42f53b12c5f1aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8e1a82db7b8815c0a02f9bf84fa5aec7
SHA1 5d15edc853b5a061a32509ccfa0a19dfd4fd82fe
SHA256 189b3ba1f8d2b21dfc2b0821fa90001dc20b04c07b1440b7c06a97f769621232
SHA512 0280a8e05767b0d6988a2dd2f93b003ac52174a45ead11dec796905ce29f28e295572bf400d6df374d00fae99ca2651b838b1328a2015f6d1e42f53b12c5f1aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 954726bed9f14bafa81f75aa0aaef8cf
SHA1 c5c1dd2f300e0a6f9a5cde96d8959d5dd5817dde
SHA256 4095fa0be112445d7bd5bb6fcc7212ca8a1e79e6428880980ccdc195250e99ca
SHA512 54db1567d09f2fc883e8fe996b1a0dfc160b6b7ad76d8a6dc14a6121fa3ad5f2f8d85be47cefba915ce4f8e04878b66bce456fbdd99e815148238aa2cc128443

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4046b5910a94e36c3a6e94c8b503ecd3
SHA1 75cdf8ad11425a5e902db93ad508da9549e648ae
SHA256 63bdf9fc4a02570bb39a6d87024ae2a803bf0f35f6845e1557ceca8cd7a6587f
SHA512 8f105bd9fc44c1da8996a1fc67c906ea8c64fc9904eaeb05aa2da9cc870af0c90ed3c7b7c12b7a3ab9b2e88d1b684ef1f1dcd5955ebdf22966ece2cbe95a0986

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8e1a82db7b8815c0a02f9bf84fa5aec7
SHA1 5d15edc853b5a061a32509ccfa0a19dfd4fd82fe
SHA256 189b3ba1f8d2b21dfc2b0821fa90001dc20b04c07b1440b7c06a97f769621232
SHA512 0280a8e05767b0d6988a2dd2f93b003ac52174a45ead11dec796905ce29f28e295572bf400d6df374d00fae99ca2651b838b1328a2015f6d1e42f53b12c5f1aa

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4vj6jg2.exe

MD5 8f5aafa7dd19050ed7cf132c6adfc8d1
SHA1 667437b4775b19c0f5b34aaf285269582c48e5c0
SHA256 4e2a07dc4ead1bcaf7e78a5cb5580c5ce2293234abcea72c08ca4e2df04c3f2e
SHA512 e1de76c10fef72d9b4230b12d9065ee47c0aece335023d60a7b1084c121a4846cc399e55d1d80d67f90cad8289de56ed96046ed2a0b07ab1e88516c983002d4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2d9ff5df2c45af404c9de3a7273edcaf
SHA1 a34827a7b32833c165dafdf5321388f5cc32c365
SHA256 c044eaf20f9444037bcf03077a537f254080adab084d0eb07ceffbd0ac631250
SHA512 955bd8b1393046194a030899e946fec21a5e3848ba94288e52ea686664782b5a0714018518c9fbf65fd18e739b1a61b0354e9ec5db9c678e0ce1cd5e2ed7a3cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 49cc549237ef69b8d3a5916b9585f092
SHA1 b66fb6655889906bede1495064be9b69e4bb4666
SHA256 329f7abd825e1705e9edebd21db0d0e7e1c602ff5c45d253746f29b3dac66f5b
SHA512 6e8aae8a6ec5d8f2d7822f60f25be450f2f2ae6e7540bd0b7ed4e208e8481aa7aa1becf627b2165c6c140d7006601de326b17f46de189b11231a0409e8e6735c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4046b5910a94e36c3a6e94c8b503ecd3
SHA1 75cdf8ad11425a5e902db93ad508da9549e648ae
SHA256 63bdf9fc4a02570bb39a6d87024ae2a803bf0f35f6845e1557ceca8cd7a6587f
SHA512 8f105bd9fc44c1da8996a1fc67c906ea8c64fc9904eaeb05aa2da9cc870af0c90ed3c7b7c12b7a3ab9b2e88d1b684ef1f1dcd5955ebdf22966ece2cbe95a0986

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8a141c5bdf684ed72dd04ea090a8dbfb
SHA1 46238db3eba837380583e19eb0f3d39828c11eae
SHA256 5d80822a344fccc761d16f9a9d1a8a785c5356f390031d5701fc2bc7aefeb5a3
SHA512 69f5c709e22a74cb130c23a2941ab5d1cf6d1db49e944f9bd22d92e5b190dcfddfc2ec16153c7a8223b35d09df26654ad677e80006eec93fad1b09ab1916149e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4f88221d06cbbed1fd5322cabed6e1dc
SHA1 93727ff209f33beb2ada919a733c581e10991be1
SHA256 258d756065ef8f937e3ed47e47bdb83f7df7801946134876175a9846a7098dce
SHA512 5b39b0cd35321b0aeb44ec83163e50ec92a2672d4a5ab5f5c041c8b1d56f2878c2f3eb89fd93b4cbcd9bbae454a85844df2444b40b2ae4bed7ebdd5cc6551e34

memory/7496-258-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7496-259-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7496-260-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7496-262-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1b1d365561163df82674a8e0701260b6
SHA1 ed8c14ffa16b0c9d78f9d5a33867d375a67ae30f
SHA256 ad11e95dafe2d160c463b1e85996d5cb79aec427a232802d726b0a560eefd1c2
SHA512 4ade74897aaf82ab9183c51c050afb5b80e4d82cfc062c6dc9d9e111aed88d4ff7ac9bdda1e810671a40a98c585bdebaa03905ae892b84c67eec910a2a68a229

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

memory/6056-340-0x0000000000400000-0x000000000043C000-memory.dmp

memory/6056-342-0x0000000073FD0000-0x0000000074780000-memory.dmp

memory/6056-345-0x0000000007C50000-0x00000000081F4000-memory.dmp

memory/6056-346-0x00000000076A0000-0x0000000007732000-memory.dmp

memory/6056-352-0x0000000007900000-0x0000000007910000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/6056-355-0x00000000051E0000-0x00000000051EA000-memory.dmp

memory/6056-356-0x0000000008820000-0x0000000008E38000-memory.dmp

memory/6056-358-0x0000000007A20000-0x0000000007B2A000-memory.dmp

memory/6056-359-0x00000000078D0000-0x00000000078E2000-memory.dmp

memory/6056-360-0x0000000007950000-0x000000000798C000-memory.dmp

memory/6056-370-0x0000000007990000-0x00000000079DC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f8e2bbf39d0742d4430747da777977c2
SHA1 6060266a42db4622b35fff82f7a4b0124380eac1
SHA256 543e64c314fd0f7599cb751fed2481e0d44a96cef5c870efd76a4d0fb28ab496
SHA512 aafb54424ebeee7d0d85633cc1c755f342f69a7edd448c3139c6fa907ea932fd91e97be6cd0f4fefd891e2f66d580876d5b26f2924328353f5421b71ba7965e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d14a.TMP

MD5 914dbeecb553a351fd5ea2ad4365c311
SHA1 9c15966cd2f24eacd94b24ae7b37f0b102b1bf64
SHA256 3312088471e4524f8f509fd926d1ae9f5af3a21458b0b1ad6a6f7e7194d551c0
SHA512 16a3d76b2acc4d5ca1f419de54955ec457f9c5149fc940bd3416e7da14c266de40ce990e5fdcc2d755bee4ef725c7a13fa40389d8f9ac70a6142b5cb4512e67d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

memory/5444-600-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5444-601-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5444-603-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5444-607-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d0fe88e2bafae980393b4430539e9475
SHA1 64142d9c5ddf62c6b27fddd92ae4bb07a112a278
SHA256 547e0f7c1301d2c9bfd2634f55c5cf1826636b61b483bd9c9db7d43612241abf
SHA512 8874088d388952c4aef4fccdb67b128e1d67f7f48906c2850d8f69a5133e13dcad67cf8b9ab56ab6364e31652b683022f624f283388164b8b163923fe4a4b368

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f8426ab296128da1c558e2e627892290
SHA1 31f53d60d558daee559f98f6a2f19a637c779ab6
SHA256 a0b1c182b08c5756eb46230f0709ba91eab2441102f9a54157762d07edaa59db
SHA512 f3a5e8441590df0510a9b43dc541db8d1c27cd268d950ec4bcd2fe9912149f4fe22f0b040094132eed805c50d8d16ae337a3ba982973c7b8f74dc57671fe33b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580172.TMP

MD5 2bfec306d976543b6650aa9c5d6fa741
SHA1 cfe01e2b46079a7fea3f92c9714d61f4dd5717f7
SHA256 cb1970da8fbedfa9428c366d2132bf545cfe9734b57da74408082dd770e75507
SHA512 c00b6293f106809ec16ef50ef4db4269b4bcf171c459b1bfb8eb21509fca6ed7ddfaf0f05622419a4c00503f2c5f6425f0db2c56cee014e6e4c6b4863caceb96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 66de68ecf8c29d545f0c14ef013ee5c7
SHA1 9d8b5e87421119e926fddaf619dffc44ade413a2
SHA256 b60b96c3ece09a4a50e7a106bf784fb921fb2b456bd1d9b0cc34ce3058415905
SHA512 b611ed75f457de1a2c9e7811e3b7722d192d9e310eb8c6b3e07f48da918d30987e0e9587cf7d9db7546883a0fd58f0a3ed48b71ad1c52f7be83a153ce502f8c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 37b1602a12129011543a1bcef68327a8
SHA1 610b59906f0e25faa8d42c5d4f6dac496a14b1ff
SHA256 932388e5b2fa9fa9b4af419e3bf71bc61c369c2892b0bca4bcd65365a9dd2b56
SHA512 3000d945a917f38c4da36a7378e351b88b9fba0e43e6deaa2733850503115af94616560833a2f6b09b2b6406f272db60a786940a7fd305a9cfe0cfef9c517684

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/6056-723-0x0000000073FD0000-0x0000000074780000-memory.dmp

memory/6056-755-0x0000000007900000-0x0000000007910000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe582769.TMP

MD5 1988bd17c2754c450a938a9d9f70d139
SHA1 58eebc26d5a5f5508f8f63e749f1c7d1428ef6f7
SHA256 7bbdec780687ff81e122561f33663a70004ec4e17956fe22b47b51d10e5779dd
SHA512 5bd6f82dcd6a29703dd44092a85d9e73e9da25250a9d033414c1a7467d2f0b32e691d518bd0410fb207cb8b84e879a916f09919ab5f059d712716aa1c8dc4119

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt.tmp

MD5 7a05155e1a713c850cd4cdf39abcbfa1
SHA1 f72e132b68f74aaca0740206fdab18ced443b577
SHA256 381f30b2c1f147eeecf9cf6bee1606a34819fec3db4bbb0ddcfbc551fe048eb1
SHA512 39cd8bd15069e2604080f12c56eaf4a9f913ba70bde2165290dd0794413643e8b68a6aef2d060ef8fb61e710638aec842fcbacfe0b90cbb1501758d7ba02b73a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\ee6b9e91-38f0-4edd-b298-db94158484ff\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6263b422157a194442b811df5e5f9c73
SHA1 1a0fcf2ead3188ec044142f7a89d0f110b36e7c7
SHA256 c4dcfac746cefa82bf1d76dd8976f475fc68b1f6d4a2cc086ad936a6dd96595c
SHA512 751ec80ddff7b1500a79793fc372a850799abc18e5025411c3ebecc4f5b64121f71d829a0a597b2f87530ceb63cf5b9c06c4ea36f45f15765d9fa79136c080a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6699b4b4cd160dd2fafb6ad00d63fff6
SHA1 96f618e8dc32502bb62147252b58775d550d8a8e
SHA256 2cbf4721b4c6800365b35564ec6d02b80055c5f3e6e1c49c7f1c69e19cdaff67
SHA512 7e85c5566c7691f1872e20f78d5bc252ab8a6799b11860f364f5df82ae8c1aa4f98d617cd930552fe7ec6feddb79a02f3c3358fdd9289285ae3cd365b786d607

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ef4dec131fad2d22b265dd6a637cd5ca
SHA1 7f88e143c7111088468686a45e4c5985e7c3605f
SHA256 93791f9d2ec2c4fac04d1b8cc87bd361c4e593a00601a05990d1c78a9c8a5d3e
SHA512 d26d6fd871e2f7318ca0a8614c58dc9a599652c2c82f2f70d24b5f9a7f13f6fdb3b47106a6607fd3627bc67218df1d8656b55355ed95e508587d00e98a6b3329

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8153828b0f2dc0662a59a94d3ab10d86
SHA1 0e9552562cf6251bff37c78bfe97714ac3bc8ed9
SHA256 f6b2c059c2fd494b4a0a72c880d2ce58542a4eb0b2728849557db489aeb34f8d
SHA512 f9609c2ae462fef533cd29fd191aa95590fe4a233b0cb1b2ccae7bc30e62282890e700e837696738422557b44f728c170d5c2295ffc21aaa5bf6bb9bd40d01a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 49965d78debe6a4771757fac6004bb86
SHA1 514bfa8a2f756cedcbe0ff999ac5fd956b1a3640
SHA256 0724711b644ae76cf985ce48724349fbe1dcaa30e449c964343f72704a3dd55f
SHA512 0e1ea0ba536ae7bbde09f3ecf3a706a76df8ef6f4fd7a7abad7d9338d6969811bc3b18dfd0c9f093d53fc206a6fb228082a0cd386f7e0e884d41e0a58ae3c12f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587e82.TMP

MD5 f5b3191200f987867166f609ec1255fd
SHA1 f91ec99f8d94140f6f1cb1cfa662b4512af16aec
SHA256 062dc90be425616a55bae27b2d3ac7a8303066a9133a9af7c7df0b3dffbba2df
SHA512 8c5505ed78224af135aba087e7405b722ad266f4504eebb01f50ccf996129a63ac467c318c5fa14786f3fc0912d7679d8b7db76da786962a620c46de74d1247f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 303ecd6858e639338b7efd22f138aa55
SHA1 006df90fac05524f11a5d856841a22cf6ab33575
SHA256 06aba486ca0eb4d1ed3ea1e7222c935cf3f4df304585f9460b4baa6a17f113a1
SHA512 a21ff1f45a1da2058d3fbe813027805849269badb8bdd52d663143ce0a054e02649e6431cc28e9e1d26b89518e536be8bc20c8b637bc248babddfdb5d985f7fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\ee6b9e91-38f0-4edd-b298-db94158484ff\index-dir\the-real-index~RFe588a69.TMP

MD5 a928900c74f9475b1aa0580422c3e3c3
SHA1 61936f898f037135be70624c4c0da4b5f74c2cb2
SHA256 cd70d3bead3b47c500931f6ee21d1c1fb51111ffe4204ed4da890861ec5824af
SHA512 5b73cb180d0cd2c3532dd9f55ef8c7cdfc3f6e2ba3149298efa3f72f3eeefba989090ff98937980a1a12db3d25b3688c5171844bd95f4546ff85aa3f054a1d50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\ee6b9e91-38f0-4edd-b298-db94158484ff\index-dir\the-real-index

MD5 5ae63df506492fa33bb4c82f935a2706
SHA1 89f41b837ce98c4d041659c189808f82dadd9a17
SHA256 40cfea547f73580d717bdf2e8c04f48c543a7266c73e104d357ef11fb57dbfaa
SHA512 255630274167db7fe8f5b98ce62cd46739674508d50096b4d38273b8854abee7fd250d855febec3df751af69eae2449866bbfdb4294673f7b375462bc036a281

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8f412f08-4b2a-4b46-91fc-f617bbe16a80.tmp

MD5 da828cd90c35a0230108120b420881bd
SHA1 8194d33f25df4b02adcf0f7f5e426ee2b0a550e1
SHA256 9186ead31111c2547224045c2b685285dbeeb91be02a5bf5fab1ae54a976d135
SHA512 76d4e3c23bb25ca138b043e2754870ea7127f7a636005db7663f46e7cb58d25e9457a97f2b5a0095e4760827f378a9d94bed1a7d7112add99e477cdd20986e2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\550360b6-e715-4590-b593-8fe7c21e80a8\index-dir\the-real-index~RFe58a6e9.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\550360b6-e715-4590-b593-8fe7c21e80a8\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\ca255eff-b3fd-4f0f-b4bc-4bdb2ae9ffff\index-dir\the-real-index~RFe5915c0.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\ca255eff-b3fd-4f0f-b4bc-4bdb2ae9ffff\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
