Malware Analysis Report

2025-01-02 05:28

Sample ID 231111-kvr1yacg4w
Target 5f1f75142db1bc35281c8cc741bfd607ffffef16c00b6191ed931e9d06be760c
SHA256 5f1f75142db1bc35281c8cc741bfd607ffffef16c00b6191ed931e9d06be760c
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5f1f75142db1bc35281c8cc741bfd607ffffef16c00b6191ed931e9d06be760c

Threat Level: Known bad

The file 5f1f75142db1bc35281c8cc741bfd607ffffef16c00b6191ed931e9d06be760c was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

RedLine payload

Detect Mystic stealer payload

Mystic

RedLine

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 08:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 08:55

Reported

2023-11-11 08:58

Platform

win10v2004-20231020-en

Max time kernel

150s

Max time network

162s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f1f75142db1bc35281c8cc741bfd607ffffef16c00b6191ed931e9d06be760c.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\5f1f75142db1bc35281c8cc741bfd607ffffef16c00b6191ed931e9d06be760c.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HZ3ja72.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ti5Ai52.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4228 wrote to memory of 3512 N/A C:\Users\Admin\AppData\Local\Temp\5f1f75142db1bc35281c8cc741bfd607ffffef16c00b6191ed931e9d06be760c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HZ3ja72.exe
PID 4228 wrote to memory of 3512 N/A C:\Users\Admin\AppData\Local\Temp\5f1f75142db1bc35281c8cc741bfd607ffffef16c00b6191ed931e9d06be760c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HZ3ja72.exe
PID 4228 wrote to memory of 3512 N/A C:\Users\Admin\AppData\Local\Temp\5f1f75142db1bc35281c8cc741bfd607ffffef16c00b6191ed931e9d06be760c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HZ3ja72.exe
PID 3512 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HZ3ja72.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ti5Ai52.exe
PID 3512 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HZ3ja72.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ti5Ai52.exe
PID 3512 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HZ3ja72.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ti5Ai52.exe
PID 4908 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ti5Ai52.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe
PID 4908 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ti5Ai52.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe
PID 4908 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ti5Ai52.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe
PID 5012 wrote to memory of 3416 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3416 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3416 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3416 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1436 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1436 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 640 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 640 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3792 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3792 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1512 wrote to memory of 3056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1512 wrote to memory of 3056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5f1f75142db1bc35281c8cc741bfd607ffffef16c00b6191ed931e9d06be760c.exe

"C:\Users\Admin\AppData\Local\Temp\5f1f75142db1bc35281c8cc741bfd607ffffef16c00b6191ed931e9d06be760c.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HZ3ja72.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HZ3ja72.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ti5Ai52.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ti5Ai52.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa3fb646f8,0x7ffa3fb64708,0x7ffa3fb64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa3fb646f8,0x7ffa3fb64708,0x7ffa3fb64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffa3fb646f8,0x7ffa3fb64708,0x7ffa3fb64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa3fb646f8,0x7ffa3fb64708,0x7ffa3fb64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa3fb646f8,0x7ffa3fb64708,0x7ffa3fb64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa3fb646f8,0x7ffa3fb64708,0x7ffa3fb64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa3fb646f8,0x7ffa3fb64708,0x7ffa3fb64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1161314541095069630,8371878020266077101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,17326839706918688876,10804548370188966615,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,1161314541095069630,8371878020266077101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,17326839706918688876,10804548370188966615,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x104,0x170,0x7ffa3fb646f8,0x7ffa3fb64708,0x7ffa3fb64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,7858333681436868252,15404223211606628295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,12786394992892110798,17957185867118425231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,13871538655769850980,5213014728868717071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa3fb646f8,0x7ffa3fb64708,0x7ffa3fb64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa3fb646f8,0x7ffa3fb64708,0x7ffa3fb64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4oL8MP2.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4oL8MP2.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7556 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uz78RO.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uz78RO.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6436 -ip 6436

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6AC835.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6AC835.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,14355140076044926059,496752279986129435,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 52.2.199.143:443 www.epicgames.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.1:443 twitter.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 143.199.2.52.in-addr.arpa udp
US 8.8.8.8:53 1.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.150:443 i.ytimg.com tcp
US 8.8.8.8:53 150.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 play.google.com udp
US 104.244.42.2:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 199.232.148.158:443 video.twimg.com tcp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 104.244.42.133:443 t.co tcp
NL 142.251.36.14:443 play.google.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 fbcdn.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
US 172.67.209.38:80 killredls.pw tcp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 api.hcaptcha.com udp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 fbsbx.com udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
RU 5.42.92.51:19057 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
DE 172.217.23.202:443 jnn-pa.googleapis.com tcp
DE 172.217.23.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HZ3ja72.exe

MD5 0acfe0dbc378333ca0c336e95ce30d2f
SHA1 61d691b7376c515a4623029bbf2701f4cf28c1e8
SHA256 6de3d28b403c49acb254ed0f4acac0828dd8aba07fa4a9e597dcfdcb9a7db67e
SHA512 8454111478f6993e2b0f47b8d48ffde1af92e5f908ca90285b39ef9487428f61b25c771c0f9368049fcb1e09bf60a440898a5688187bd870c19569978d2f8f58

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HZ3ja72.exe

MD5 0acfe0dbc378333ca0c336e95ce30d2f
SHA1 61d691b7376c515a4623029bbf2701f4cf28c1e8
SHA256 6de3d28b403c49acb254ed0f4acac0828dd8aba07fa4a9e597dcfdcb9a7db67e
SHA512 8454111478f6993e2b0f47b8d48ffde1af92e5f908ca90285b39ef9487428f61b25c771c0f9368049fcb1e09bf60a440898a5688187bd870c19569978d2f8f58

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ti5Ai52.exe

MD5 2e8525b1fe1f7535c91c1f8ec1f46a3b
SHA1 9605ccc7a472ab55653a701d3a011a25645bb24c
SHA256 a30acfd2eec417c82124ddb0ca20a98cb16041e3550be8f8c6450ecdd331e299
SHA512 daf7940356d41a0a88311abc1fcb3cf4624c641b592a0c5a766ce0ea481cfe4e090170e9783ee6ebec59a038a7ecbd77a6ef9ecd5355b9b7bfc5d261735c8c04

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ti5Ai52.exe

MD5 2e8525b1fe1f7535c91c1f8ec1f46a3b
SHA1 9605ccc7a472ab55653a701d3a011a25645bb24c
SHA256 a30acfd2eec417c82124ddb0ca20a98cb16041e3550be8f8c6450ecdd331e299
SHA512 daf7940356d41a0a88311abc1fcb3cf4624c641b592a0c5a766ce0ea481cfe4e090170e9783ee6ebec59a038a7ecbd77a6ef9ecd5355b9b7bfc5d261735c8c04

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe

MD5 25f214d7a4965be4289eaedc96073cbc
SHA1 354e0101349033f00d1638fe829d7bb7794e0308
SHA256 64b2ef418dfa3f29b4a21ed9914e63c2216545a18fb4be1835efa82f38024f8a
SHA512 266b19482eed709f19b6dddaf1b5fd5ea8786be02bd544e97869c0f0820cfb7d184a22331004b487a5a4344d17cb667ec1fb7fa14c06f82f358a5fecdb7a628f

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3hh492mc.exe

MD5 25f214d7a4965be4289eaedc96073cbc
SHA1 354e0101349033f00d1638fe829d7bb7794e0308
SHA256 64b2ef418dfa3f29b4a21ed9914e63c2216545a18fb4be1835efa82f38024f8a
SHA512 266b19482eed709f19b6dddaf1b5fd5ea8786be02bd544e97869c0f0820cfb7d184a22331004b487a5a4344d17cb667ec1fb7fa14c06f82f358a5fecdb7a628f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_1436_TKKGFXBCKEKCSGOK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_3416_ITGNPRVMGDJXJCQW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3064_GGQSAVSEODPMCEYP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7282d98c8c23fc7a630ef7d196b275ea
SHA1 948b770434f9415cb2add8448e4bf6476a64dd64
SHA256 894a52d08a4b17303a61ddfa5f3e92e04b75dc6e7ed08b4619eaa4e84c4ef2f0
SHA512 3af56d166e752c9ea39d1d36c4a3c30e9eda3fa26e3024dab5566574265d86e63276f100ba0679957f506fcdeef0db32cbcdaa848322b61a015fc65c70150076

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 123d79229fa7348a01b5b636cbdf4a98
SHA1 5da3c66bfa60b6307c8561d727dfdeaf914abecd
SHA256 8f65d27733d666572571b94538df29dd122d1edc21f8ceaf3515ab3d9828cd86
SHA512 39279a9ab306adf37a995bc97c022a98408fa598ee01e855a0ead7302e5da01e5d20da4c616c510acde2f856d657256110d5e21914b04b971b53457d350658d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 123d79229fa7348a01b5b636cbdf4a98
SHA1 5da3c66bfa60b6307c8561d727dfdeaf914abecd
SHA256 8f65d27733d666572571b94538df29dd122d1edc21f8ceaf3515ab3d9828cd86
SHA512 39279a9ab306adf37a995bc97c022a98408fa598ee01e855a0ead7302e5da01e5d20da4c616c510acde2f856d657256110d5e21914b04b971b53457d350658d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a54890cfd3e020378ce9496aae76bf77
SHA1 bb410ee29202d04be2b2f20d5c8ccd716fef600b
SHA256 0f6969b6d0fed4a5843147aeab9bf72a6084699fdef6a805e114eaa04be5483e
SHA512 37c40bea6270c1d4f0d2952c9ec5d67abf39c16cbb96ab13a056fd34cf04f80433ae5b4adad3d174659339f8df30d7eaa0df6f93deb6eea4beeeba2a644b8a80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a54890cfd3e020378ce9496aae76bf77
SHA1 bb410ee29202d04be2b2f20d5c8ccd716fef600b
SHA256 0f6969b6d0fed4a5843147aeab9bf72a6084699fdef6a805e114eaa04be5483e
SHA512 37c40bea6270c1d4f0d2952c9ec5d67abf39c16cbb96ab13a056fd34cf04f80433ae5b4adad3d174659339f8df30d7eaa0df6f93deb6eea4beeeba2a644b8a80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7282d98c8c23fc7a630ef7d196b275ea
SHA1 948b770434f9415cb2add8448e4bf6476a64dd64
SHA256 894a52d08a4b17303a61ddfa5f3e92e04b75dc6e7ed08b4619eaa4e84c4ef2f0
SHA512 3af56d166e752c9ea39d1d36c4a3c30e9eda3fa26e3024dab5566574265d86e63276f100ba0679957f506fcdeef0db32cbcdaa848322b61a015fc65c70150076

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3cc01ac1a12e250a9fbae3b43a2c88c4
SHA1 05a8b9b60a4dd0d60898cec0b63c65f2ff553d00
SHA256 0db7bb2b3b6f90578e7cc1a19daf6629475d4c58911188e6f813db062334913e
SHA512 10eb147d229dd301c04379b7c429952039ec269e732c32ae553a7b5189db854bbc934ba4f8b06218de1d6a458a087564331af871eb3aca63c2d5cf5182046e2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8533df32dc992e977f01197cf8c1fd53
SHA1 f8d5124f5353d9673d87fddaaf0f3dba00cb3cb6
SHA256 4f8a8d3d0063de3c2fbe708acf1c614a10625d08d1695c5831a949a92132508e
SHA512 27fef59d1843dbc631d4edf7f4ec3dbff0172277b34a27430e24924f0371c1f36714e3173cac74f816a98072b281799dfb55e2d0ae500c173bd926e3f6f28fff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3cc01ac1a12e250a9fbae3b43a2c88c4
SHA1 05a8b9b60a4dd0d60898cec0b63c65f2ff553d00
SHA256 0db7bb2b3b6f90578e7cc1a19daf6629475d4c58911188e6f813db062334913e
SHA512 10eb147d229dd301c04379b7c429952039ec269e732c32ae553a7b5189db854bbc934ba4f8b06218de1d6a458a087564331af871eb3aca63c2d5cf5182046e2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8533df32dc992e977f01197cf8c1fd53
SHA1 f8d5124f5353d9673d87fddaaf0f3dba00cb3cb6
SHA256 4f8a8d3d0063de3c2fbe708acf1c614a10625d08d1695c5831a949a92132508e
SHA512 27fef59d1843dbc631d4edf7f4ec3dbff0172277b34a27430e24924f0371c1f36714e3173cac74f816a98072b281799dfb55e2d0ae500c173bd926e3f6f28fff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 61a94a15e321f9bf6e3f3ae15a8bdaff
SHA1 9e1d8723b25859b67718be86fb6f593d767148ff
SHA256 e1603faf9699ba7f71f43a502c1f7678dd5375158383f303dcb8b21dfcadb8bc
SHA512 b66dea8dd70a2ca00e37409e10850184038abcfaf9d33c4d5920c0398b8a6fed32545d2bec71f999d7b7a37c22f600b91dc503da3c5139c38c1ffb24bd233753

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7282d98c8c23fc7a630ef7d196b275ea
SHA1 948b770434f9415cb2add8448e4bf6476a64dd64
SHA256 894a52d08a4b17303a61ddfa5f3e92e04b75dc6e7ed08b4619eaa4e84c4ef2f0
SHA512 3af56d166e752c9ea39d1d36c4a3c30e9eda3fa26e3024dab5566574265d86e63276f100ba0679957f506fcdeef0db32cbcdaa848322b61a015fc65c70150076

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 123d79229fa7348a01b5b636cbdf4a98
SHA1 5da3c66bfa60b6307c8561d727dfdeaf914abecd
SHA256 8f65d27733d666572571b94538df29dd122d1edc21f8ceaf3515ab3d9828cd86
SHA512 39279a9ab306adf37a995bc97c022a98408fa598ee01e855a0ead7302e5da01e5d20da4c616c510acde2f856d657256110d5e21914b04b971b53457d350658d5

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4oL8MP2.exe

MD5 44cbc8adabb5263deda30ded5157afba
SHA1 4ae1f37df7a836197ee530841628fd89e622c705
SHA256 2e334e783ca94fbc26c636acfc54daef4d6f9a9ccb58f3445b473d0dc9720971
SHA512 7cb1f9a16f1e6b31bcb066edcae18440d77c204f0a6a0f47b2168bca02253f90ce58611b1ac69f3361bc91c5ab8304cfcea34bf52f452676ac01a20b4ee44bb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a54890cfd3e020378ce9496aae76bf77
SHA1 bb410ee29202d04be2b2f20d5c8ccd716fef600b
SHA256 0f6969b6d0fed4a5843147aeab9bf72a6084699fdef6a805e114eaa04be5483e
SHA512 37c40bea6270c1d4f0d2952c9ec5d67abf39c16cbb96ab13a056fd34cf04f80433ae5b4adad3d174659339f8df30d7eaa0df6f93deb6eea4beeeba2a644b8a80

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4oL8MP2.exe

MD5 44cbc8adabb5263deda30ded5157afba
SHA1 4ae1f37df7a836197ee530841628fd89e622c705
SHA256 2e334e783ca94fbc26c636acfc54daef4d6f9a9ccb58f3445b473d0dc9720971
SHA512 7cb1f9a16f1e6b31bcb066edcae18440d77c204f0a6a0f47b2168bca02253f90ce58611b1ac69f3361bc91c5ab8304cfcea34bf52f452676ac01a20b4ee44bb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/6436-237-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6436-239-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6436-238-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6436-242-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uz78RO.exe

MD5 fbc6d505bc02bc28d6fcd297f4b0cb46
SHA1 a41685f43afbe5e70bdebab0e11f33163ccab625
SHA256 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e
SHA512 c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uz78RO.exe

MD5 fbc6d505bc02bc28d6fcd297f4b0cb46
SHA1 a41685f43afbe5e70bdebab0e11f33163ccab625
SHA256 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e
SHA512 c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0f52367381cccb2192a02c4e2a6956fb
SHA1 7c34da639fa2c10eea6a909b58d2be8ac416a72d
SHA256 fe409bf73fddb2c58a703baf4e6ba7fea4ed6e5dab38d8e47a6f278e6ec91b74
SHA512 6112c2f31a0b99ed6e0fa8136373fd1355e976dc758d23464d95b0e67dbb64219634bea301449b87a3232391a98ceef3b771cf40a89a14dc11ada1d065a2f838

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3cc01ac1a12e250a9fbae3b43a2c88c4
SHA1 05a8b9b60a4dd0d60898cec0b63c65f2ff553d00
SHA256 0db7bb2b3b6f90578e7cc1a19daf6629475d4c58911188e6f813db062334913e
SHA512 10eb147d229dd301c04379b7c429952039ec269e732c32ae553a7b5189db854bbc934ba4f8b06218de1d6a458a087564331af871eb3aca63c2d5cf5182046e2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 635fab09ec80e49ab0a13a6b0a061419
SHA1 45441d6853679ebfba34ade03dec0eecec9f566e
SHA256 84f57eb1010292896dd663f973fb5bc5df6c8391ee9e632ecb0b413b286eafae
SHA512 08b8ae8a8b36e8c9986cdba2e888aeb6e8f684a1e60f2cbc6a153333768eda4554b6bf607eaddf6d14fbdd26cf6bcb148f90a6c7738966c671b56a27e134487a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e05436aebb117e9919978ca32bbcefd9
SHA1 97b2af055317952ce42308ea69b82301320eb962
SHA256 cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f
SHA512 11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

\??\pipe\LOCAL\crashpad_1512_CCNWCPSRVVVIMFKA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/7644-292-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6AC835.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6AC835.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

memory/7644-312-0x00000000747A0000-0x0000000074F50000-memory.dmp

memory/7644-315-0x0000000007A40000-0x0000000007FE4000-memory.dmp

memory/7644-316-0x0000000007530000-0x00000000075C2000-memory.dmp

memory/7644-317-0x0000000007520000-0x000000000752A000-memory.dmp

memory/7644-325-0x0000000008610000-0x0000000008C28000-memory.dmp

memory/7644-327-0x00000000078A0000-0x00000000079AA000-memory.dmp

memory/7644-328-0x00000000077B0000-0x00000000077C2000-memory.dmp

memory/7644-326-0x0000000007780000-0x0000000007790000-memory.dmp

memory/7644-342-0x0000000007810000-0x000000000784C000-memory.dmp

memory/7644-354-0x0000000007850000-0x000000000789C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a7bf2fc3004fd6f1f0fb374afa5aba9e
SHA1 1a54b0a6ef72b05722794f9970d7dd7fd0a33060
SHA256 1180d7637d3f7444bdd0432d859880a8a07f96f879b4678c0427ee3ceba81926
SHA512 3d476cc2b8a2d61d142f850d12445177e229141fbc9b8400548bbc20fea2e4295e4756fade6e88ee7eb17252cf0ac8ff55321c9abc3221f942c4cee1bd5a7145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581be0.TMP

MD5 dbb127594ea06bd6f0971bd3a172a481
SHA1 75bf0de176ea56012bf48d1664720a2efbd7f3fa
SHA256 e2a32da71143fe67e7101ed3df5f38dcfb6b75a9acc7184a09eb6cf2abfbd77b
SHA512 a847b7c8c5d783d1b4c60aae91a460e972cadc0d2204d7e2fc2a29213043e957f0141f17dccdce56c848f72a0ea27e81ad06376a24b175483bc2eaf3b7812230

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8b1494965d9c9964c3fce3daaf879cea
SHA1 38579a83e16ccf9f1b8cb3e6ea4f839b02d8797b
SHA256 502d38b30a7ed08fc6b471dc452b18772a7f055721765eb165cb1b202a795246
SHA512 43c3b8c97def614edc607081ad7028cdd557560f71fa3efe0f2728c3316bbd06343ddc64b8148032395bb5a86fc3dd93a711fa33af398bea007e9b2e81811263

memory/8148-542-0x0000000000400000-0x0000000000488000-memory.dmp

memory/8148-543-0x0000000000400000-0x0000000000488000-memory.dmp

memory/8148-544-0x0000000000400000-0x0000000000488000-memory.dmp

memory/8148-546-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 725d8e15f164f3349cc3d2e8377ba83f
SHA1 beac422be9c1724233f95f9e520a0a9827bf9292
SHA256 f310518fc1a375c49c52dc258b98d834a651fc6425a43c098c10c38f5743bc0e
SHA512 19ed7abcdfa3bfa788dcd609179ab1d5cfac3ac437393d958ae91829c6991c1297566f2f65fd03123c0ce4bd11101da9cbf5427c24d3bd4ac852ac171a7fff3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 002ba27928ad3f5e490b73c1616d94a3
SHA1 53873bab4df5e99e864aa28de392d4462ab4a510
SHA256 414532a682bdfb3f703e6af0d0e4f891122c1e8c32444c06e5bff627a0205fc2
SHA512 f35cfc84138c16cd5815c053b25a4a53fe6c6fc26f70032e6b282ef927206f23fac8757c698e4b991fa1ec0af45523e406fe5706600b7b280ade6d879e91736a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe584409.TMP

MD5 da5cc5cce0e377e3789c2db298cdf8b6
SHA1 41a27b38bd0c27525c0217b1c301e107d1726b91
SHA256 ef81346c6bbe1e0107237823ddf991a4bfe4cc2e7f5346cc0159952a70e0f188
SHA512 b6bd6fe8ccd3a2aa879a3837758a454ee6696dbc7fcb4022c5494af585c1280dc20a0756b42637cad4c09221b6b0190d2a2f9716b3a1b5ebbb87404a04a61664

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b0ec1bc848c834e2bf19a49f23ef6edd
SHA1 d995a304603e0f81cadc7ace3ba415c15bf4f43c
SHA256 86a5363d9a23ab88b9215e8b05aec0311d7c76c2df56a10e0e9b4ebd10dc4699
SHA512 369a29b4902c7505ac978a513f92417176d74582319bb29887e100fb3ecbebdbc75b1bc3a2a64d98c92e2db7ed1e4d8f57405945844af489e0fc99b086e24386

memory/7644-840-0x00000000747A0000-0x0000000074F50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f8d801c0-810d-4237-b08e-43635ff3bda9\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a6a9149f1a1fc0ba3cadab6f10416376
SHA1 4bf66301be745dbeda52e44779db7b26c77a33bd
SHA256 37bd16d459eca8f1160c8112d08bca3acec735490e6abd2bbebabe716ba6f670
SHA512 3217ceec5f34a301bcbc95d24e951cbf9a3c66a7b82676e8aacda5044c97b81e66740071163295e9b86a5c04692c26c7d3725d8f92a781a2c4e97618f6106a00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ce2c0595d26e93e0e2c2e9664d047493
SHA1 f292d7e6bbe3c07ffcdcca041e955d920d232ae7
SHA256 1b73aad70b52368ceb334754abe37169d91266280c12c63b0eda4304785982e4
SHA512 e540fde6986fc34eb200610e10526a78b36f3ec90a79f1d1642395cb7cf94bf2960b2724488c777042917b652931bcee9ae7d28365b3095c70e4559bdbc2ec10

memory/7644-940-0x0000000007780000-0x0000000007790000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 759f519ce60cffe460698b3985d8f02b
SHA1 10c2ed499909835c540ab126686bf64b040ff4cb
SHA256 9b260fd9af64b3b27adf590dfa0e479f45d308aa0b40dff34e5ea0585a7f6305
SHA512 595058800a911f7bee0270b96ecb2e9c9bcfb07b569e56ac898974549978c3b9b0b0658af12e0730e3535f570053e61af3c37fbf783f3df8fb7f2adc6fdbf24a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4ec56c9de851c31578dce42e15b9cdab
SHA1 03811c98f546751e50edf32a9935c2afd51b629c
SHA256 4c707a4e97e3fc9ee8315f0198645ef85f9bd5f074545ecc2d79598316903908
SHA512 4f365ce9101ebb4f8fc0840db382bf862bf2a877790405727ef391a7c66ead7eeeb9edc73ab7110ff1d24dff95ec3100706c59f102d1fa5d85d31c18c04cfbcb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f871e1150b89ce6f6b3a45fd8b093522
SHA1 78bdb418bb2a2311483478df8fe25d7632907a7f
SHA256 046d3a32a7cf7d7f8c775ddf549078292609ca28ac3bb285caf567afc78eb009
SHA512 edb6985b342e1097f05ce0da0c479660a60b877f231e8d525cd1bab37e606426c50a3ea56304985e5d1198a864a602c3e0ca3ff847e7640687b362d48f509579

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 38be485ac8a824f3eeaf5e88182fd892
SHA1 225803b13a04a33b65b21abadb111f150588f209
SHA256 019ab7490f91008a246222185fd2954efdbaeb6d666e9f09c07d66955691e72a
SHA512 bbb42d56d6b66be70af177f3c10c2605aa0321bf4beefb4fb682800a16cb52f01e8f3ba0464ae35de1fcf14162da7673a3911e053f6236ad9e0be52d6182ea33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589313.TMP

MD5 0466b647cf192c24a17e1d0d5497617b
SHA1 75dacedb60a79a45bfb367e773447924492ba87d
SHA256 0cdab12a1945fccac461087dbea907e70e482361fb031988eb8f575ac840dea7
SHA512 05282011790f5fb4a2987cb95a88b654934a11a3f64f116c46e222afd803d6ddb64e3e3eec814713486b2d5cbb7cd11b5e6c4f14bcaa65b428e86e434213a6ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5471b40f-ebe8-4e40-a477-47df11e8eae6\index-dir\the-real-index~RFe589640.TMP

MD5 dde8122821f8234e3446fc035bac237b
SHA1 c5cf6c6bfe388c9a5ea71019b0db41cd10a52f00
SHA256 9e078a5bf8f1cdd209eec9d3618ada315bc68f0392495babaa746ef2b6e41404
SHA512 951e639a5c5a0a899650fde4cb7ad2a6416bddd2545be0d91f6849ab7fd767b3e92e1011b8e8080a439fd28aa5c0637fa591de860a296447e3f9d7f0585da2bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5471b40f-ebe8-4e40-a477-47df11e8eae6\index-dir\the-real-index

MD5 60809fd1e95bd409a565bc7caa5864c8
SHA1 8611211faf0feb5e0564e7f324fb9d6a14efe5d6
SHA256 1123edd75f8477aa7bb1446433d382938d2475d007cff5e30a0c375a8d02cdb7
SHA512 05d604d178c6e4b7342fbf055bfacf4c41b580900e4efa9ae6ea381d2a4375d7a7c8d94ba49f92d46b5def0692061a55ca4fc6b125203792692d8495030e7eed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4e7673056615fbffbb78704b1d502768
SHA1 b83ce1616c3fc0dcf80ce02ec1a3036491eb8db7
SHA256 cd9f4cf67c63546985ef624c990800989982d39020635f44e072d4eb04ddf66a
SHA512 74a73bf810500fd6e5eafb2b6437bd9a81a361dea9f05f8e61fdb3beb6fbd3a5d61f95212e0569429bfc465fc0f1974a00db39cf2e4697809774d06402a56d8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 33da8a6db42e8cd68c47e51fd9e461e1
SHA1 3e8b1f0d5a36377b92a0ad732afca2a617e66bf7
SHA256 753fbeef0347c6eb0a53a3b655ec5d247681f76dea4a801de9499c171f2c0749
SHA512 f7cd87f0cd9888d5839b407e14259dd31616ee4da59bd28cdf4f3b098dc3b65537b54265de30971ff4c65d3535cf6acf19939c6ed155df2f15f46f67e4200da4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dd69f2fe0f4b83a2433d45a16a7817b5
SHA1 b143e0394255b37c0f5e1a990ea26076cc73a5f8
SHA256 0fcb3e7c7a4cd0e103ead442f98f634d7161602f75e7ebe4ca4b6829f4f2bc06
SHA512 6f1c97ba4b68d57dac23b0fb57e06f059a93f7f6b91e67e0eb22940bafeb4244689ff52490b15d38c3fb1b66e4152885451f0a4339c06139d417b01668808dc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 81d29c2231ce405c525d70f7c94ec910
SHA1 530c759cdd0389303652e70d928f3f9de40d5e41
SHA256 5af48c1fd527ff9284b70b4f33c211748afa5fcbbd350c528ccb64a1e328767d
SHA512 c6d2e8d9d30ce4217d401da5723d837647f1d1e89ccaac5781f2ba8db203cd506598abdc1e0185bf4e5f0dfd7898c36682ee1c4a9dd3cfed06440b630af958e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b7a3139b5fa55730ce2cde361b7d1eb2
SHA1 e583cd37395a64aba37c8d1f8e14e17bf5076246
SHA256 03b24961d3fd9cb64d4878e884498bddd6747205aa9b69fc1ce4536703790e3c
SHA512 d5083fb3a59a0a48c97042c1b62b5f20747d11f7ea343ebe3850016123a5b0ebea9c645f0d46e49fe1bc537e7a6419d111f146bdf1d6afaad63f2cf0e0968971

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4714494581a1a96137bdc019f156793f
SHA1 7110378624d344b1b70bdc1c87caa622aa24f271
SHA256 21b0199ee62e6ea732e791084dbb78123862d4b01c56ec1ad064cf7b26ba6c59
SHA512 a7eb4d44e8c0e7c72178181e04ce2d5637f8c1798d25933aca83675a6d953c58242b66158c83ed0c585d3cb08d4ca04c781c2f617badcad8ab224c732f7a13c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 db15d12e330e06c6c6f6097928a49ba5
SHA1 cc0ec8bf9c040a8c2f5dea598b281c635d37c0c2
SHA256 82173e11b0acefded2154f02de5329a0febd48791c340c5cd8f7146f865dd2b5
SHA512 0ac4a5e673eea4629e3e80024c64c683b61c356d836d4f4d3a00be85cea9e301558e431e8d3aa45f2f8948842501d852dfd90fd59b6f3f4b99e9b125d95c173c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2850ab3-419a-420c-b11a-ca694c6dafc8\index-dir\the-real-index~RFe58f112.TMP

MD5 c5cb818553eda9cf1f1761b0a35e3eb9
SHA1 c8b3ac59ff5a5e2843ac114faf007250d19960da
SHA256 757169aad9b529383e81b9629d85392bd0102dec8d455cf79bb6cd2b3b47ed8e
SHA512 3075e0c81a3798fd3ec5f9dec290397d10bd954927a7eb9569d0873bf9d732169bef664a899dae8e51d4af6c0e5dccb901d25f482824bef61242dec8032d732f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2850ab3-419a-420c-b11a-ca694c6dafc8\index-dir\the-real-index

MD5 628625a0ed82f9e66d94469ee7bba1f2
SHA1 4b73faaa65cb423621d574bf67da715ec99f1a10
SHA256 b4db88f8548c532a5fc88ce67170d89d718d690a1703375b42209794cc4cbdde
SHA512 29e2834b8dbe0c321a6f44e8b7287797c8b1d3818af97abbdbc480de54b801e228fb391adbb27acee850a044b011eadd9ab43ad3e8e5ab12a0085575e067978c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4ff6135214ddf47269a151fd3863fcef
SHA1 d39b931749e42f520fa06d9b9c841f08cf90afb6
SHA256 558e84c905c236ef29ba7d795a7885573b80475225673fdd8994f8b5c8e8126d
SHA512 00ced5f712b2c185b53a3b1d41b554a87e58dde1dc518a576c5532b62fc5c2e566ecc58cfc697283ed29aabbc029475c0c6d2e5bd3023857fd27cb4752db5707

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8b4782f1-ca87-4a23-b21c-c1d2f1b0962a\index-dir\the-real-index~RFe590e9c.TMP

MD5 0e51d52e7f7b82b7bedacdad22123e16
SHA1 5255149c2770de472775e6708cbeb67bee65c28d
SHA256 a1a7a385727420baa6e0a85079b4724f921700d8822a21112d6f8c7a531435b2
SHA512 f2758a8e5005ff871c24ab56189d5d3f2b91decf15824c8da5c364be0a07141b09e018e636231b129d13e9ca2127a51b56ea22feab968f30fb76a70752dce43a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8b4782f1-ca87-4a23-b21c-c1d2f1b0962a\index-dir\the-real-index

MD5 81933bbdf387e757df94b150ace48d5c
SHA1 ea8b8e53f1f2787b7b70d5c65e00c755d9269578
SHA256 400e76836e5534ef01c47d47157800d95a7c55ff737586f0d75598d40e3b1aed
SHA512 015bbe38d5cf97d95d56b88b2babe8bab107277b1b37fda81bdca46e985e064d0f81c5f6628485f12eb8496d85ffe22cd94f730d8f5287e5c862abeeb0ef031c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 c8c9c7161be45667e300832899d89dab
SHA1 40e9520bbeead0928ebf0aa57a21c31017ea3b4e
SHA256 8a07391b309fc3cec80c3ea4d18cc34ca6a0a0efaca9a881ba85d64e01374f0e
SHA512 3c1a4f5d1a989fee0528a24bb72158bfbe5aca412355cb8a7e0727148b7cee63071b2623cde94c4a671a17b8118dd8baa94ee8fce6a89e8f4e4ef48154e9e07b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8b1a1d8d1a53d74e77d65400fb938740
SHA1 061386bef616cb30399800fe706b916006d9bd2b
SHA256 5f5ee6d5073cf433c70ee4964473dc758ea9e9956d8f9ee20b196bc3bcbf039d
SHA512 b1a66fb679bc5af7db25ad91d7df3033f00e92913f27812552c44c2f0c0e30b1ca2108f837bcb98dba76343bf4b8baec280642b16f7a3fa184d3545a2337b6e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f22da16b13a4e26652f001e8aed426e4
SHA1 ed02c07a90ccf785e3cd2158d2d2a95a74fbb944
SHA256 3a769e093f8dd0b31d3d9275b1bf19d723b084d7226b8b350600b35789c1d48a
SHA512 a872631aa854ddd482aa59b0ce10a9e889e455ac8e84559890de47cd80db2b672c6a685e66764d2f54831cf26bade3b98c7ea1d0b05a68f7dc8c773fc6eccf6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f32fd224a4b8653f4fec806044a10dd8
SHA1 b69ba85a69bfad640cc91dc5523acbf33bfc8b0a
SHA256 5c186c3f5168c4383bf2a4451b8f2dc731ccac35fffb0331c0c08b8267e7012f
SHA512 821109200493fd4c496089a73df0ca6c09cfbc259a199ba46eaceeb848c47ca8611c568507cec89f870fe309df6e0d22eb6e23144dbb032ccc6464eb54e90618