Malware Analysis Report

2025-01-02 05:30

Sample ID 231111-l2w4xaea83
Target 3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212
SHA256 3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212
Tags
mystic redline taiga infostealer persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212

Threat Level: Known bad

The file 3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence spyware stealer

Mystic

RedLine payload

RedLine

Detect Mystic stealer payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:02

Reported

2023-11-11 10:07

Platform

win10v2004-20231020-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4352 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe
PID 4352 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe
PID 4352 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe
PID 3204 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe
PID 3204 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe
PID 3204 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe
PID 2852 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe
PID 2852 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe
PID 2852 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe
PID 3360 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2080 wrote to memory of 1456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2080 wrote to memory of 1456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3484 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3484 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2064 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2064 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 3100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 3100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3680 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3680 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 1632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 1632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe

"C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x164,0x174,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,5505288065453447413,17910814454724191654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,11202138363109583833,7690141913586163956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,11202138363109583833,7690141913586163956,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,5505288065453447413,17910814454724191654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6596601450232069050,8788941141903473451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6596601450232069050,8788941141903473451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,12726829050649750424,16233801987224539840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1540013800155242042,17412256316358264078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,1659116180900583426,8822715049918223448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12726829050649750424,16233801987224539840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9816 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5rd75JQ.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5rd75JQ.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2696 -ip 2696

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10284 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ZU832.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ZU832.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1700 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5560 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 254.22.238.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.201.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 steamcommunity.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 23.21.113.241:443 www.epicgames.com tcp
US 23.21.113.241:443 www.epicgames.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 199.232.148.159:443 abs.twimg.com tcp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
NL 199.232.148.159:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 241.113.21.23.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 104.244.42.197:443 t.co tcp
US 93.184.220.70:443 pbs.twimg.com tcp
NL 199.232.148.158:443 video.twimg.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 tracking.epicgames.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 play.google.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 8.8.8.8:53 c.paypal.com udp
US 157.240.5.35:443 fbcdn.net tcp
NL 172.217.168.227:443 www.recaptcha.net udp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
NL 142.250.179.131:443 tcp
NL 142.250.179.131:443 tcp
NL 142.250.179.131:443 tcp
NL 142.250.179.131:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
NL 23.72.252.163:80 tcp
NL 23.72.252.163:80 tcp
US 8.8.8.8:53 udp
NL 172.217.168.196:443 tcp
US 8.8.8.8:53 udp
NL 199.232.148.157:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
NL 142.250.179.131:443 udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 c6.paypal.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 killredls.pw udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.131:443 udp
DE 172.217.23.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 api.hcaptcha.com udp
DE 172.217.23.194:443 googleads.g.doubleclick.net udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 rr1---sn-ntqe6n76.googlevideo.com udp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
US 104.21.53.57:80 killredls.pw tcp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 254.211.247.8.in-addr.arpa udp
US 8.8.8.8:53 6.28.194.173.in-addr.arpa udp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
US 104.21.53.57:80 killredls.pw tcp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
NL 172.217.168.196:443 udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
IE 52.111.236.23:443 tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
NL 142.250.179.131:443 udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 253.15.104.51.in-addr.arpa udp
RU 5.42.92.51:19057 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe

MD5 ca6e2773784ac10e37484c11ac990fa9
SHA1 acc832c8af21c2670a51a042dae5642325fd554d
SHA256 7a80ed70e6a9d3aabe8e7cebec48c65a3a62dae644b5d72234bb0f14cd9687b4
SHA512 0bd37dd84d834a01f10576b67caba6d9021e3e032c11550e404d22f2520200222d16f731c41926b03ec54c6f5ef281cc5833e4adab92625ef8e389ba7e19d17e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe

MD5 ca6e2773784ac10e37484c11ac990fa9
SHA1 acc832c8af21c2670a51a042dae5642325fd554d
SHA256 7a80ed70e6a9d3aabe8e7cebec48c65a3a62dae644b5d72234bb0f14cd9687b4
SHA512 0bd37dd84d834a01f10576b67caba6d9021e3e032c11550e404d22f2520200222d16f731c41926b03ec54c6f5ef281cc5833e4adab92625ef8e389ba7e19d17e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe

MD5 f5466eaab2fd1a07bc02e9eb64ed7ad7
SHA1 cac9130c9303a97cd62acdbb6e56f9c8665ecb2c
SHA256 ce483fdccf2bcbe0359fb7208876167a0ef6e897c32f5115bee5cd802c58823a
SHA512 16b79f87cf4824839f2c81514b8a6a4ac880fe2b89ed147fe2bb0b13ec55d6627a832e507a0c189c117605caf1f562a3e49ce8e347d3287ecb0ab92766b23ff2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe

MD5 f5466eaab2fd1a07bc02e9eb64ed7ad7
SHA1 cac9130c9303a97cd62acdbb6e56f9c8665ecb2c
SHA256 ce483fdccf2bcbe0359fb7208876167a0ef6e897c32f5115bee5cd802c58823a
SHA512 16b79f87cf4824839f2c81514b8a6a4ac880fe2b89ed147fe2bb0b13ec55d6627a832e507a0c189c117605caf1f562a3e49ce8e347d3287ecb0ab92766b23ff2

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe

MD5 60dd201bc7d2074f64681ab5b9611fba
SHA1 7ba295310961de0f929d825c5ed976ab89f3dc5b
SHA256 2f4d9bf2477ad970e556620e0033ac02cb4c9e58a72dceeaa26e2d68552f962b
SHA512 d66312cdc9541a77c4b688e940e47d1672065b6aaa215d2dbbb516a7f7b9b477a4d84bac1222b5bb5afc17206cb31a1b62a8dfc93169f64ebcd04c41c9638533

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe

MD5 60dd201bc7d2074f64681ab5b9611fba
SHA1 7ba295310961de0f929d825c5ed976ab89f3dc5b
SHA256 2f4d9bf2477ad970e556620e0033ac02cb4c9e58a72dceeaa26e2d68552f962b
SHA512 d66312cdc9541a77c4b688e940e47d1672065b6aaa215d2dbbb516a7f7b9b477a4d84bac1222b5bb5afc17206cb31a1b62a8dfc93169f64ebcd04c41c9638533

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_2064_JMHJJLLCZKAZGOLZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3484_ZWPDFNBSHOPGGUYQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2080_SUIHXTPQFBHHYLEL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfb9d82d29c7800d9ff895c30d4ec17e
SHA1 d94cacd1f0610b9d01f870c4f7e2c8e0fd1f3f1e
SHA256 6b4bd8324ab34587f17bc814c4fcb2e96a787909bcf5f4e53bb41cf127ef6639
SHA512 cf7a2a7d0c6f6f8db6d94aff0c488611cbf265bb6f4d10cbab56c4830ed417602736cb3b24f2f2cc12a33b2ac5c9fd23cb945f31ea022cc08e1a7d8d8bdf180d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17b1ad30450e3afbdd3ef59f885c8f8b
SHA1 1279768ee831ab8a12855cbbf5b07432049660af
SHA256 0ff64b08e571ce4d9ad9979d5dffa5fe364122a3a4fe496087a59c1d2eac888b
SHA512 d9cd052863d140d6aa18326fe906df14ba68c5fd382dde5bb509ea78bf77d4ef431d62c0e8717205794d1e6ab0286a984c510a5b8b4525db8a56abc094100e1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17b1ad30450e3afbdd3ef59f885c8f8b
SHA1 1279768ee831ab8a12855cbbf5b07432049660af
SHA256 0ff64b08e571ce4d9ad9979d5dffa5fe364122a3a4fe496087a59c1d2eac888b
SHA512 d9cd052863d140d6aa18326fe906df14ba68c5fd382dde5bb509ea78bf77d4ef431d62c0e8717205794d1e6ab0286a984c510a5b8b4525db8a56abc094100e1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9212e72a41c8234d09a61e10d5afed98
SHA1 2c0b58493b7b107f11becd27f8b6a5bef81b0b89
SHA256 8ea6c3a7c6edc8669443db33876458c042070ade5bbc3524324b6add200c11c8
SHA512 93355b7d9d07a7620abb14339a47f993537a29b48526e6cb578d5e3f99e6c1005586c55634d586e009ef35b822ea1234dd7f68e8820aaeeb7da8cab76ac8b405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f56fb563-fc09-41b4-8e9b-e78cf0e9ae53.tmp

MD5 9b3b5445b7a501ee421bda88669eef1f
SHA1 3105409061a1d3f7291711e1f050c7e5e5f984d4
SHA256 de40663d8400a91fe210722b691b86acf0b988a8e77de5e676ba142dd05b2c10
SHA512 720722ea237084d6d9c7f198bdb6e9099b036fae060affa6dba83d119a1fb3d90640c8c2e4e3b0c422031bbd790183b8032b7af7b8a334a1e1d77b14bb733a2d

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe

MD5 a47c10eb8f72b14ba09ea12c5bb20454
SHA1 1e249ec31140e1c052c1ffa0f5355de8084f3002
SHA256 c95d5ad88d1bca772e02f2f52ea1807d0475b97f26196bae5c7f8fb43ff5f56e
SHA512 8c64bd22d508d69eb5d48a8394040ff915c78203c9f1ac740219dff6c11091b5ddb1b270774e2df5ef1160a52edb182476004483053a05b82fb643aab338bd41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9212e72a41c8234d09a61e10d5afed98
SHA1 2c0b58493b7b107f11becd27f8b6a5bef81b0b89
SHA256 8ea6c3a7c6edc8669443db33876458c042070ade5bbc3524324b6add200c11c8
SHA512 93355b7d9d07a7620abb14339a47f993537a29b48526e6cb578d5e3f99e6c1005586c55634d586e009ef35b822ea1234dd7f68e8820aaeeb7da8cab76ac8b405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfb9d82d29c7800d9ff895c30d4ec17e
SHA1 d94cacd1f0610b9d01f870c4f7e2c8e0fd1f3f1e
SHA256 6b4bd8324ab34587f17bc814c4fcb2e96a787909bcf5f4e53bb41cf127ef6639
SHA512 cf7a2a7d0c6f6f8db6d94aff0c488611cbf265bb6f4d10cbab56c4830ed417602736cb3b24f2f2cc12a33b2ac5c9fd23cb945f31ea022cc08e1a7d8d8bdf180d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17b1ad30450e3afbdd3ef59f885c8f8b
SHA1 1279768ee831ab8a12855cbbf5b07432049660af
SHA256 0ff64b08e571ce4d9ad9979d5dffa5fe364122a3a4fe496087a59c1d2eac888b
SHA512 d9cd052863d140d6aa18326fe906df14ba68c5fd382dde5bb509ea78bf77d4ef431d62c0e8717205794d1e6ab0286a984c510a5b8b4525db8a56abc094100e1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9b3b5445b7a501ee421bda88669eef1f
SHA1 3105409061a1d3f7291711e1f050c7e5e5f984d4
SHA256 de40663d8400a91fe210722b691b86acf0b988a8e77de5e676ba142dd05b2c10
SHA512 720722ea237084d6d9c7f198bdb6e9099b036fae060affa6dba83d119a1fb3d90640c8c2e4e3b0c422031bbd790183b8032b7af7b8a334a1e1d77b14bb733a2d

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe

MD5 a47c10eb8f72b14ba09ea12c5bb20454
SHA1 1e249ec31140e1c052c1ffa0f5355de8084f3002
SHA256 c95d5ad88d1bca772e02f2f52ea1807d0475b97f26196bae5c7f8fb43ff5f56e
SHA512 8c64bd22d508d69eb5d48a8394040ff915c78203c9f1ac740219dff6c11091b5ddb1b270774e2df5ef1160a52edb182476004483053a05b82fb643aab338bd41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2b7303e8e321714bbab8b7a5eeb35b25
SHA1 5337eb26de86d91de94a0f9a5e577aa0ffa8e115
SHA256 8bface407b92b1d41067885030b19ee404dfc8c526038e0f133124791ec9fc6d
SHA512 6376ddb343fba7008b241d4998aa8afcf5e22eed4dee16d78c5f64cac537ef62bb848af72cdf481c7953e9b5a0c33cbd32f2c81a26f83ef1c71f15cdad3e6898

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9d503c539990db94f42749ec98481021
SHA1 221da9e868c25213d8a59c3592a1f308915252c9
SHA256 7a256710fc8d84714a77d4416429dc4bc021501dda263fa6191fac175b756f91
SHA512 3b3f657d30714b967db27f8c21d8bf972aac159e38fa6c9993ebf3c01b8b88f3d757ac9303f663a8dcf128212d3c62ec62232474f94ae462ce1b208b300f45e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9b3b5445b7a501ee421bda88669eef1f
SHA1 3105409061a1d3f7291711e1f050c7e5e5f984d4
SHA256 de40663d8400a91fe210722b691b86acf0b988a8e77de5e676ba142dd05b2c10
SHA512 720722ea237084d6d9c7f198bdb6e9099b036fae060affa6dba83d119a1fb3d90640c8c2e4e3b0c422031bbd790183b8032b7af7b8a334a1e1d77b14bb733a2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e81abd81c69defa66dc99b6b7bf3a37c
SHA1 48c2788a131d1345b4b013a9b32165ad5aee2981
SHA256 34bd673eff9ebfb95018d247344fc951d4bccb819a95c0065c4a2ddc67e23cd9
SHA512 1aaaa8eca7e31ca86e49d9e087c9d7404503f9b3adf9a49ffaf6e80e5ac5eb2e782ce36be3e06ad3a4b4cbc2a6a080356c997b3f878c8185554d8a560c86ac19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e81abd81c69defa66dc99b6b7bf3a37c
SHA1 48c2788a131d1345b4b013a9b32165ad5aee2981
SHA256 34bd673eff9ebfb95018d247344fc951d4bccb819a95c0065c4a2ddc67e23cd9
SHA512 1aaaa8eca7e31ca86e49d9e087c9d7404503f9b3adf9a49ffaf6e80e5ac5eb2e782ce36be3e06ad3a4b4cbc2a6a080356c997b3f878c8185554d8a560c86ac19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2b7303e8e321714bbab8b7a5eeb35b25
SHA1 5337eb26de86d91de94a0f9a5e577aa0ffa8e115
SHA256 8bface407b92b1d41067885030b19ee404dfc8c526038e0f133124791ec9fc6d
SHA512 6376ddb343fba7008b241d4998aa8afcf5e22eed4dee16d78c5f64cac537ef62bb848af72cdf481c7953e9b5a0c33cbd32f2c81a26f83ef1c71f15cdad3e6898

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9212e72a41c8234d09a61e10d5afed98
SHA1 2c0b58493b7b107f11becd27f8b6a5bef81b0b89
SHA256 8ea6c3a7c6edc8669443db33876458c042070ade5bbc3524324b6add200c11c8
SHA512 93355b7d9d07a7620abb14339a47f993537a29b48526e6cb578d5e3f99e6c1005586c55634d586e009ef35b822ea1234dd7f68e8820aaeeb7da8cab76ac8b405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2b7303e8e321714bbab8b7a5eeb35b25
SHA1 5337eb26de86d91de94a0f9a5e577aa0ffa8e115
SHA256 8bface407b92b1d41067885030b19ee404dfc8c526038e0f133124791ec9fc6d
SHA512 6376ddb343fba7008b241d4998aa8afcf5e22eed4dee16d78c5f64cac537ef62bb848af72cdf481c7953e9b5a0c33cbd32f2c81a26f83ef1c71f15cdad3e6898

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfb9d82d29c7800d9ff895c30d4ec17e
SHA1 d94cacd1f0610b9d01f870c4f7e2c8e0fd1f3f1e
SHA256 6b4bd8324ab34587f17bc814c4fcb2e96a787909bcf5f4e53bb41cf127ef6639
SHA512 cf7a2a7d0c6f6f8db6d94aff0c488611cbf265bb6f4d10cbab56c4830ed417602736cb3b24f2f2cc12a33b2ac5c9fd23cb945f31ea022cc08e1a7d8d8bdf180d

\??\pipe\LOCAL\crashpad_3680_ITMWGVYJVWAAGVGX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2820_JRSNEPYMXWMWPBFW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 80943db86800dc2d04b4f6728987e236
SHA1 53640bb9fab5317a68ca741b92b98f656c5be4fa
SHA256 4bcaf9bdfb7c757220a78be8d5ab29880b03ce0cb15bdb18c4d391542a87a7c5
SHA512 3b17632365753da9ecb07f8c97be0f33657da39ba8a4a0593efbc6146daaf1d08682bf8c5858a513f8e6e85b1e0982ca30fe9760343ae1ad049ce0a1d946f20b

memory/2696-442-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2696-445-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2696-446-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2696-448-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3f8a726850fcb57cf229dbc351472f43
SHA1 2ce6fea0168539a751f75259a4b1064049fa0894
SHA256 72f1a1f575495916d5f77e495eb36121b84f91849c2662f91dede16046d73ceb
SHA512 b3b787acade07efba0880de64b8ff44a17fa99ebad1d42e26b0ead84c288d812a1f527605586bf240f83edae9373236aab16d5c24de99d3f4ddf806fd563dd69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1c706d53e85fb5321a8396d197051531
SHA1 0d92aa8524fb1d47e7ee5d614e58a398c06141a4
SHA256 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932
SHA512 d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 80761e766dbe574392bf10eb95b7a059
SHA1 bc0d1dd68550a27267d45d7c72e5c0e7ac5cc70b
SHA256 3099f909e08695310c86b7f47ef26c251d94bef825cc733d71b533127209cc01
SHA512 9968513f47842359a11c1d27a53b8010803f5f96296ac28050589c628606f3fbe89a60ba9b099290c4c5349c976ce8675f0717c6fa1738dd8b5ff136b20e1f18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5836f9.TMP

MD5 be8935f2504ad9bb6d54e635e36bac5c
SHA1 da7793442d42dcc10671b51686eb9e34cb39e2c9
SHA256 9aa7144ca6b607f18b8af07cf0f78c96ad8f99a8c9720b0bb07d5d034b2fb211
SHA512 ef3abfe64cadfa65e3676a8a5f0ff8eba9582cb96ab606f4928a95797189cfc7fa6377a586859517c99e28fe2eb51ae7d22104baacc6119946f40bfe5f2939e5

memory/1788-620-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1788-626-0x0000000073DA0000-0x0000000074550000-memory.dmp

memory/1788-627-0x0000000007AC0000-0x0000000008064000-memory.dmp

memory/1788-628-0x00000000075B0000-0x0000000007642000-memory.dmp

memory/1788-629-0x0000000007830000-0x0000000007840000-memory.dmp

memory/1788-630-0x0000000007650000-0x000000000765A000-memory.dmp

memory/1788-631-0x0000000008690000-0x0000000008CA8000-memory.dmp

memory/1788-632-0x0000000007950000-0x0000000007A5A000-memory.dmp

memory/1788-633-0x0000000007840000-0x0000000007852000-memory.dmp

memory/1788-634-0x00000000078A0000-0x00000000078DC000-memory.dmp

memory/1788-635-0x00000000078E0000-0x000000000792C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 07183ae7646c524f169c810aa5f55bd4
SHA1 20706a5fd87a57d3cebb2d8e41b7db0b743e1e45
SHA256 a6eb6805c9d317836aa0fe8f71c5fac208621c1eab9d8ba01b4452172bdeaef9
SHA512 3c0dda631767c38db8e310a160b3e73da03092287e02adb11a654ef11ec9b7a782ac6b5668a069c71833b289c6ab4ea71e36b50f1a709ac028760a2c9470a883

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe585270.TMP

MD5 17b83dea044b5fbeae2013fff8f48921
SHA1 12decfd4423849e567f6a649e5043c2a6e421fb9
SHA256 62f0546ccecff45e99720a442a5d9bb68b2583f4d8715a5b9f1d84a7f3d150ac
SHA512 4e25ad6c383443d2fe92fdb5349ebfd2df0b2cec0a42c5af8bf682111158d1a4e64187e8fd58fc8dadb10c508014c02cba08396ad45c5b03599cb96bab220f97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0b474bbd4483247f43ad38af24f55a40
SHA1 c8686fda4550f9fbb9b1bd785d253b21d9cef1b4
SHA256 a1f0adb7b85e90ea881a0ee4da6b63abbb913459d971865d383d889e0780946f
SHA512 a36bb6e469c63471e632efd63aad5b14ed08f6200e7b490b6f376b95b8c1b28b1c29c3fd1bcf02b353d75df5a1e3cc9169a757472f2694ead902f56bdc403787

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

memory/1560-975-0x0000000000400000-0x0000000000488000-memory.dmp

memory/1560-978-0x0000000000400000-0x0000000000488000-memory.dmp

memory/1560-979-0x0000000000400000-0x0000000000488000-memory.dmp

memory/1560-981-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 98ed8fefb860f3ac91725cee3b3c8ec8
SHA1 012d01fc75530b3afb6cac55d0780c78cdd5db70
SHA256 c859b3b5ce788f87d6e5da844b3b1423f96b10831e548a7f3c4bebdae05188eb
SHA512 d767773b44805eb2f42158e1fd9fd03e87eed7ac27fc627338b16267f0f45ccc7a411306147b7f1b56c5e2f47f6a57889a438a2014479f7599dd16be64eaf645

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5b214e7f0f53efefd26edf1adb174594
SHA1 c12e2bf14ffb1b78fed86ce2160460943d17b094
SHA256 e4105498170c243e03a05026d428f6c143e27b312a7a1c7ded771959a2b839ca
SHA512 714f296ebcc0294d1824e9e15c6ebc625f0224fcea8c828052f47d57341ce331762a6b55377fc3c77da97512d76e832922ef6590b370d854916b7b6f907c77e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e316c7b8181761b0c06d4d3c8ae318c
SHA1 dfe1592def1979257ded0b0bff2e9ac3681d179b
SHA256 40881d2b41f55ae48470cb066bdcaec40b6a5f5bb88340f4bb3a0fc86e9b3275
SHA512 78f259a6268387264ca2c7c9100fb8379d85593196dfadc1e5e3c36aa3b6d84b725d24fe18ef2b39ca19f810b33eeb61a418bd8e72f087b76c7c4faf9c49b14e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a154aea2-e329-470c-824e-3e517f0a3f6d\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a5759d9c7968ae22b99af2141888ef1a
SHA1 8027f7be79df9f682fdae9ef2d839ed45f054c69
SHA256 54a73034f6a6b58e452aac58566e11f9cfeb08e26cc30989b6473c1a522c2cc6
SHA512 8e0d20c48155471ee70756cc659a9a5306cc2374094cbce0be34ffa0a1defeda18829008aba02e2eb56977bde71744889136996b417aaf64e64d384dcb719017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bebf1a0ac636a440f5019ed874a163f6
SHA1 cd9df21f36fbbd035a01493e7227ef91de261e68
SHA256 e48b05c3dc501a54ebfae178569fa6d6198ec6103b280acc9390f93fb31b3186
SHA512 0bcfa69956fa190951e9e3a662b7fcc6133b3394c58afbabb5664eb4838ed34abd80a55027d09200fa555a7874daca84eb4ad092572768ce56386ba3d94f1df1

memory/1788-1149-0x0000000073DA0000-0x0000000074550000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2b9d8b5269312ff0030bc7fd68445244
SHA1 02e41271b2d60d4df0258fab0e64481d1849bfe4
SHA256 531dd2119cac5974fbd005650d514194b4850038bee9058807d342932615801b
SHA512 afd62321dc08ae7b79f6df7364db51cdc8c4cf591f1291ee63e9911ff9eeb1690f202b7eb47d03fe6e8d3b328e998f7a26ac9ee6897f9d269db903a1ee549dfe

memory/1788-1271-0x0000000007830000-0x0000000007840000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\74b9b93e-1bcf-43fd-852a-441baca7434e\index-dir\the-real-index

MD5 143c2d235efc7c2abf8208e513f527c2
SHA1 406f74a3abb5ad11a7e331a6b49163ef9662887d
SHA256 1fdcaf87ab9b084f733ea9c242773bf884dfa557011fcf12f58082bfa0949d9f
SHA512 1a10c0bd8ef757a536dc4ad3818a0fefc9f5f2a5a9a22888ba91c683f4750f3f27ec878a6a17b61bd163d6a5283245444356c31e611e885dbe0619832e9f1d39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\74b9b93e-1bcf-43fd-852a-441baca7434e\index-dir\the-real-index

MD5 ee79ecfb9f6062e1078f498b1d55dc01
SHA1 d484cfa59d3c4f0298b9ab0c297007d7b8969414
SHA256 32c40b65bcaa3393b275b73d4b7651493d526292cc07623f081c7489bbc10030
SHA512 e56fbc59dc839193cdcf80e03e369b3a22d37530795a85da3f734c786ced277dff98ef841fbacea678f46367d618e01b9799869a28dc04792f5cceab08633c64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 030c769d706faedc6e62a2263b0e24a7
SHA1 9eb8e232818d6f747ee1e14ecb7f34178373d616
SHA256 32fa90f7de44a5ff6dfe2ebdd21aac57abb841d479ea2ededaeed98a14657d99
SHA512 4a20e63e033ac3d90476bb1b9f356b7f9b9256df79a3c37dbc1f76b0c2c78ed64cecd017096f3808e9670c2708c1066a29206ef1be7e8ae937c4146dff0e8385

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dc45501f63c7daf6af23494353506b88
SHA1 5d0c5cfabdc6cf6eb51ada6053bf7e01750c90ca
SHA256 48176d9de7f3b372a5ebd10dfb29567ad82d2e52e83cb23830f1780a92d86bc9
SHA512 0969b4f839ce84fd0a0cafcf8950d3a2641ef099c5b176a8e1db18da876f882e1ceeef92451a9ca08f8edb3930899800a36f0f1eb1e7ae29360f9f131f39ab50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b3a6eb0ee8956e3920c8083a13aa4ffa
SHA1 235ffa7e0b68bc814e19e79d5c10ba7023a87afd
SHA256 306d4e51d04c24f63813da2953f4a69fb1f2fb41bdeaa171556911e67b0d92d6
SHA512 2cb0e4462a03301f204b49c604797cb3261ba1c002397c68dacab88de02d36d58b0f2e74b1be0dba6526dab61481d27a549792cc0dba0b141c0ad04d2986d0f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 07c219d789b2035dc3484cb26a8d99e8
SHA1 11d4334b480693f25112d66fe386a8399f088303
SHA256 dbd4f0fbc5e38bd49700f97c097cbba95979dc8f95452136e25f2c7b0f9cc879
SHA512 f0fc10148aa7c407351386446f93afe8f48bf0c31be81b4b7733c8896bbbabd680d171338bd1c4d4db6a05ae24f13215562be07d207a2b0fa19a965ce1fe4120

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b8c0aea093e15b963ace283a0e19343a
SHA1 7046b9b6d05814057e21ccb9eb300ab58c9d1d6f
SHA256 d52b7e362a3d3ed4d21f6d5f8837582105df020590d897267a81ad635c479313
SHA512 adb8cc711ac222a1a775835d4618f8f35c782ee27bc871d545f4f6924e0003849fd6e9445164c28faa4fdab3fda82175bd40da7099857726d17afc112970bfaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ecdc.TMP

MD5 0d065a9c2efab2d6f2222a1eecc6c851
SHA1 893d46256e4237df0395794f08679a0225192116
SHA256 ade0a3e1c0b11a061a4a740c03084269d825d152ebf7ba5a5789316dfa5af38e
SHA512 255086cd3386a4136f84faedf288f9f565cfb69174d25da295da7222039a2ec223950d17d8fa830af211a4b87cff022c2a1d37bb64ccf32e3dd619e0b5372b5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 99dab52d7140993d897279053bf3a82b
SHA1 b5f0e4ee0d02f6338394e196f5d6e01dbaacf7e8
SHA256 1f6b1f00af4405e519959b407180e384c68c00fc0b016152341304ef29abc40b
SHA512 69521d3778e3ce156c7c944c2c0a7a44eab640492f8a3483e99436f90c42899cf006dc38a5c7b2086e3a0146592e08ee3b308c9446b8ee20b263d2bbab6557ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a41bd1f-f490-41a6-948e-055e09318bf6\index-dir\the-real-index~RFe58fbb1.TMP

MD5 d03504fbb262ea7150595a52d2698f65
SHA1 904079d2d0107b72ed674564d0b425280f56941a
SHA256 eb43d17a73b0faccbf3d2cbc95820bd91663cb4c2efd962389b268945a41e187
SHA512 e154b2e8a8d23275fb2b3206d3645582af919eaeae5e8abc88036529dc73f9e9012a2e15c12a31410afef799c7a46b73d3f6b956412e98b8965846baeba429ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b2aca79b2726cfe36409104c4352cf38
SHA1 6effe79587a6670b6f4a66638611861fa53de7af
SHA256 d34026450f73c13834d82c74985d6b98953f7faa7a4e9a45db20d80b8bfe64cb
SHA512 630e75a0ef61e09cb359633652ab81cfaedf4d6831913ae91f03a30b0519e0d458e37b9777a9169c118123f02244254f0306f119fc3eed4354cb0b51ef65ac0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a41bd1f-f490-41a6-948e-055e09318bf6\index-dir\the-real-index

MD5 947dcab6938408fc57766d7688b27dda
SHA1 2c9afcbeeb2355d458cec84fadb9e4bb40ae44ff
SHA256 b6d4f9c8a2bf93a421be7d6a33bfb4a6620bbe26836af8c0a08b2c099093399e
SHA512 6624d19c28006414a541f82399f743b1f83ad51911d2bea1b1800a9bfbaf9eb247fd5809b439a97c180213b53f848c9456356c735740b9415071e3b0c93b28ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 09796f69f392651f9d505cb64b9b6486
SHA1 7ebb55d3d8f4fa0e6236b27322dbc4a343d35678
SHA256 745012efa5227dafc283679fa69d4b34c1b9f77908ba4e69f5d8fd15f34d2b1a
SHA512 b1efe46782b9dbade54148d6de3726328a9ad915585b3cce3d8b5d61dde65c4000208519568e37da15cde565d587d44060394b284172985294de0ea51c4f50df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\4793ac47-911a-4015-8f80-3c4631a74c66\index-dir\the-real-index

MD5 778ad7ec697fded2b8bc5e1fc3a487cd
SHA1 4202caa09c7397c20f05b7f7d818d6e5a4f78ce0
SHA256 ed5fafc2f635ea49555f5eaedfb2d635606077402c9bc56d9b01a30315190137
SHA512 1ea026659545e389fbd7fcbd8411d3f60150577b9dc49c2ea03dace36f456a4447ba9d8fe3a47e286fb0a4cfa2651a04a1bc67a91b056ccab5a8fb16c784f5f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 91fbc772f4eac8b54ce93f75744c5780
SHA1 1fe381cae85a27aa0defc10084b4503a0131578f
SHA256 c472e8b7bcdd22272a0a085741ad13f3dc7084a35d1c6692c7b08aa6a2c0f073
SHA512 fce877bdb7d6d533f76c8c17d8eb775bc3a0637e403328681ad9a438752d79f2b3bca2c5a162d78522671a92656fbc98f8a302e511b9865af5d413c433231cdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1debbf97abc0431763c5434ec77f2b1f
SHA1 7e8967501ea5a23e710629b0a268ace35edbb7e1
SHA256 31d0c5721c8b65f8acd8bf8ecaf91b6a514dcf190fa59d5bd1d02ca143c23030
SHA512 b3d72c0d378115c8820bded28055943787f5356f710bd4d93d438444039e01b0ccf13374d78b05828a3ee468b66a19abfcda582349d401ede7598490f0efd0a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 29dfc62172484eb9a6dab9191e04ec35
SHA1 90de7adc1f2b87c518011cfbe443165e97197057
SHA256 3464474f8085b663f150c3e2fb5f9c6b6ffddbd8e8fff8df3cfd674558c32b61
SHA512 55faff1c76af7d8389e3de9050f04a373725dba5dd8b4094b4fb40af069edc44f46eb34bd66af176d0f85ec49f173602c9b93a8d2cced405b131a47e89d39b34