Malware Analysis Report

2025-01-02 05:03

Sample ID 231111-kvpktadg39
Target 662b9aba43af31d9a640b1655ed8f4616d1dd4b4e03d15ced5263a26fa29094a
SHA256 662b9aba43af31d9a640b1655ed8f4616d1dd4b4e03d15ced5263a26fa29094a
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file 662b9aba43af31d9a640b1655ed8f4616d1dd4b4e03d15ced5263a26fa29094a was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

RedLine payload

RedLine

Detect Mystic stealer payload

Mystic

Executes dropped EXE

Adds Run key to start application

Detected potential entity reuse from brand paypal.

AutoIT Executable

Suspicious use of SetThreadContext

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Analysis: static1

Detonation Overview

Reported

2023-11-11 08:55

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 08:55

Reported

2023-11-11 08:58

Platform

win10v2004-20231020-en

Max time kernel

163s

Max time network

169s

Command Line

"C:\Users\Admin\AppData\Local\Temp\662b9aba43af31d9a640b1655ed8f4616d1dd4b4e03d15ced5263a26fa29094a.exe"

Signatures

Detect Mystic stealer payload


Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload


Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\662b9aba43af31d9a640b1655ed8f4616d1dd4b4e03d15ced5263a26fa29094a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fB1ZP43.exe N/A

AutoIT Executable


Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2420 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\662b9aba43af31d9a640b1655ed8f4616d1dd4b4e03d15ced5263a26fa29094a.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fB1ZP43.exe
PID 2628 wrote to memory of 4244 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fB1ZP43.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe
PID 4244 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3796 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3400 wrote to memory of 4580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2924 wrote to memory of 1300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 4756 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3732 wrote to memory of 4364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3400 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\662b9aba43af31d9a640b1655ed8f4616d1dd4b4e03d15ced5263a26fa29094a.exe

"C:\Users\Admin\AppData\Local\Temp\662b9aba43af31d9a640b1655ed8f4616d1dd4b4e03d15ced5263a26fa29094a.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fB1ZP43.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fB1ZP43.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff8b4e446f8,0x7ff8b4e44708,0x7ff8b4e44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8b4e446f8,0x7ff8b4e44708,0x7ff8b4e44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff8b4e446f8,0x7ff8b4e44708,0x7ff8b4e44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8b4e446f8,0x7ff8b4e44708,0x7ff8b4e44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8b4e446f8,0x7ff8b4e44708,0x7ff8b4e44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8b4e446f8,0x7ff8b4e44708,0x7ff8b4e44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8b4e446f8,0x7ff8b4e44708,0x7ff8b4e44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,16567946388450056051,3824027617352464583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16567946388450056051,3824027617352464583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13866090476947568104,4491079682638921056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13866090476947568104,4491079682638921056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6240381924710122849,7519072312545828989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8b4e446f8,0x7ff8b4e44708,0x7ff8b4e44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,2841595911116201412,2513501367967111925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8b4e446f8,0x7ff8b4e44708,0x7ff8b4e44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,6574274731018919360,15715099926329479550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8b4e446f8,0x7ff8b4e44708,0x7ff8b4e44718

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZL6447.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZL6447.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7232 -ip 7232

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3AY35XB.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3AY35XB.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,5784280676569425401,12833437406647317354,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5796 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fB1ZP43.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1gZ09YN7.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3400_CJGQISYONAPWBHQJ

\??\pipe\LOCAL\crashpad_3796_TIFGVRQZGMZBGVCQ

\??\pipe\LOCAL\crashpad_3756_LSBQBTWFHINUABZE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ca531c700d5c6e89ab800df43d27ca15
SHA1 44f12cfbfb53d2094a99fe93063eab18db2d54ca
SHA256 b9adea7cf64a0ec1c7d5e6464c4ea8a3f35a3cd8b49f3e22437a56e1eb4d6d3e
SHA512 85f0aa063f13d98e11129d7bbac30433fe908c2d81cb22b61931166189366a1e1c929b988c37f4fd0ec7bbf3827905a5a6b70a70d436e36f13c2fbbb0c5b4629

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 28723cf7b81addb07b9e821b0384e80f
SHA1 17af0e38a0968bf4d7f7c51d153c0da83154c45c
SHA256 4abe95e439dd2f59c90a860b2f29b25c63c7c2cb07187f174cf3dd6b41a28c88
SHA512 e72ad130492dceb0f76d7b53f080b42962f1a31a8538997f962a5d9aacf52684ddcdab6f48de5cf72101533175221bb188737816d0b5a6d4e7a7b0cb96a0844e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 28723cf7b81addb07b9e821b0384e80f
SHA1 17af0e38a0968bf4d7f7c51d153c0da83154c45c
SHA256 4abe95e439dd2f59c90a860b2f29b25c63c7c2cb07187f174cf3dd6b41a28c88
SHA512 e72ad130492dceb0f76d7b53f080b42962f1a31a8538997f962a5d9aacf52684ddcdab6f48de5cf72101533175221bb188737816d0b5a6d4e7a7b0cb96a0844e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d9b4e9ff4b67b19d4339d6d91aee45c9
SHA1 2b07f02eaa358c81f3d258f7bbce27b21f2e0d36
SHA256 46df3c561076a72ae5c5387742406b2c49ae14fe937d2c60bff750f79e1c43c7
SHA512 d92c8933508f0f5ef952ae7bc4b710bef721c3f269aef4562b986ecfd878b71a0513f49f123a68783f9a74b797a61fba740a10edfc7a8354fa2e836b0fe6e8a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d9b4e9ff4b67b19d4339d6d91aee45c9
SHA1 2b07f02eaa358c81f3d258f7bbce27b21f2e0d36
SHA256 46df3c561076a72ae5c5387742406b2c49ae14fe937d2c60bff750f79e1c43c7
SHA512 d92c8933508f0f5ef952ae7bc4b710bef721c3f269aef4562b986ecfd878b71a0513f49f123a68783f9a74b797a61fba740a10edfc7a8354fa2e836b0fe6e8a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d427e8e1bf7cf5eb395c4a57962748ad
SHA1 25aab35b4aa8a85997b87dd262d1c89a84845023
SHA256 ac6821bb67c18902cd4b8737999655c63834597571aca7523c1684caad40b977
SHA512 a6bd3089b9987f64cb1b9b6d311ec34673d742523847b51d80988fca3017f763ccb5127b812b0481112194ae35865f8ac3b8603a032bf3f3c41bca8b630a1862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ca531c700d5c6e89ab800df43d27ca15
SHA1 44f12cfbfb53d2094a99fe93063eab18db2d54ca
SHA256 b9adea7cf64a0ec1c7d5e6464c4ea8a3f35a3cd8b49f3e22437a56e1eb4d6d3e
SHA512 85f0aa063f13d98e11129d7bbac30433fe908c2d81cb22b61931166189366a1e1c929b988c37f4fd0ec7bbf3827905a5a6b70a70d436e36f13c2fbbb0c5b4629

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c80778a0ad7e3fb64a2010851411feb3
SHA1 dccfd062e4f5191b8c181d115cf632139c9bf0ae
SHA256 4565567717b5b90f379a9c93b4ce4900604914797025cd9be790ff01ec60952a
SHA512 204a6fb7069ed720d8eb087a27fb83f69bfec748f9f7623db3737c25ab366c51428d2b639850695377a2d2808bf7896b93dc492f79c71b8cd67dbfd766a74248

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c80778a0ad7e3fb64a2010851411feb3
SHA1 dccfd062e4f5191b8c181d115cf632139c9bf0ae
SHA256 4565567717b5b90f379a9c93b4ce4900604914797025cd9be790ff01ec60952a
SHA512 204a6fb7069ed720d8eb087a27fb83f69bfec748f9f7623db3737c25ab366c51428d2b639850695377a2d2808bf7896b93dc492f79c71b8cd67dbfd766a74248

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d427e8e1bf7cf5eb395c4a57962748ad
SHA1 25aab35b4aa8a85997b87dd262d1c89a84845023
SHA256 ac6821bb67c18902cd4b8737999655c63834597571aca7523c1684caad40b977
SHA512 a6bd3089b9987f64cb1b9b6d311ec34673d742523847b51d80988fca3017f763ccb5127b812b0481112194ae35865f8ac3b8603a032bf3f3c41bca8b630a1862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 525529bd230ecfb97c64c37d2fe9f59c
SHA1 427ccfd4c28dfb46a823ebb984dd48cdb426557f
SHA256 d53082f31bcdc007283a040790a3a708297085c0abd39e080adc1b3ea4152235
SHA512 0458010085c1c1911c80d29e7dbfd4f23e513c21341d339cf614fbd26c219385ef6afb2b31002a993468e4ef68c3d3d71b43705962d4f46543d07d988e48530d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d9b4e9ff4b67b19d4339d6d91aee45c9
SHA1 2b07f02eaa358c81f3d258f7bbce27b21f2e0d36
SHA256 46df3c561076a72ae5c5387742406b2c49ae14fe937d2c60bff750f79e1c43c7
SHA512 d92c8933508f0f5ef952ae7bc4b710bef721c3f269aef4562b986ecfd878b71a0513f49f123a68783f9a74b797a61fba740a10edfc7a8354fa2e836b0fe6e8a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ca531c700d5c6e89ab800df43d27ca15
SHA1 44f12cfbfb53d2094a99fe93063eab18db2d54ca
SHA256 b9adea7cf64a0ec1c7d5e6464c4ea8a3f35a3cd8b49f3e22437a56e1eb4d6d3e
SHA512 85f0aa063f13d98e11129d7bbac30433fe908c2d81cb22b61931166189366a1e1c929b988c37f4fd0ec7bbf3827905a5a6b70a70d436e36f13c2fbbb0c5b4629

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZL6447.exe

MD5 44cbc8adabb5263deda30ded5157afba
SHA1 4ae1f37df7a836197ee530841628fd89e622c705
SHA256 2e334e783ca94fbc26c636acfc54daef4d6f9a9ccb58f3445b473d0dc9720971
SHA512 7cb1f9a16f1e6b31bcb066edcae18440d77c204f0a6a0f47b2168bca02253f90ce58611b1ac69f3361bc91c5ab8304cfcea34bf52f452676ac01a20b4ee44bb2

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3AY35XB.exe

MD5 fbc6d505bc02bc28d6fcd297f4b0cb46
SHA1 a41685f43afbe5e70bdebab0e11f33163ccab625
SHA256 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e
SHA512 c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af
