Analysis Overview
SHA256
3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212
Threat Level: Known bad
The file 3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212 was found to be: Known bad.
Malicious Activity Summary
Mystic
RedLine payload
RedLine
Detect Mystic stealer payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Suspicious use of SetThreadContext
AutoIT Executable
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 10:02
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 10:02
Reported
2023-11-11 10:07
Platform
win10v2004-20231020-en
Max time kernel
150s
Max time network
155s
Signatures
Detect Mystic stealer payload
Mystic
RedLine
RedLine payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5rd75JQ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ZU832.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe | N/A |
AutoIT Executable
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4900 set thread context of 2696 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 6688 set thread context of 1788 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5rd75JQ.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 7796 set thread context of 1560 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ZU832.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe
"C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5rd75JQ.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5rd75JQ.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2696 -ip 2696
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 540
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ZU832.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ZU832.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5560 /prefetch:2
Network
Files
| SHA256 | 4bcaf9bdfb7c757220a78be8d5ab29880b03ce0cb15bdb18c4d391542a87a7c5 |
| SHA512 | 3b17632365753da9ecb07f8c97be0f33657da39ba8a4a0593efbc6146daaf1d08682bf8c5858a513f8e6e85b1e0982ca30fe9760343ae1ad049ce0a1d946f20b |
memory/2696-442-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2696-445-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2696-446-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2696-448-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3f8a726850fcb57cf229dbc351472f43 |
| SHA1 | 2ce6fea0168539a751f75259a4b1064049fa0894 |
| SHA256 | 72f1a1f575495916d5f77e495eb36121b84f91849c2662f91dede16046d73ceb |
| SHA512 | b3b787acade07efba0880de64b8ff44a17fa99ebad1d42e26b0ead84c288d812a1f527605586bf240f83edae9373236aab16d5c24de99d3f4ddf806fd563dd69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 1c706d53e85fb5321a8396d197051531 |
| SHA1 | 0d92aa8524fb1d47e7ee5d614e58a398c06141a4 |
| SHA256 | 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932 |
| SHA512 | d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | fdbf5bcfbb02e2894a519454c232d32f |
| SHA1 | 5e225710e9560458ac032ab80e24d0f3cb81b87a |
| SHA256 | d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c |
| SHA512 | 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 4e08109ee6888eeb2f5d6987513366bc |
| SHA1 | 86340f5fa46d1a73db2031d80699937878da635e |
| SHA256 | bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339 |
| SHA512 | 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 80761e766dbe574392bf10eb95b7a059 |
| SHA1 | bc0d1dd68550a27267d45d7c72e5c0e7ac5cc70b |
| SHA256 | 3099f909e08695310c86b7f47ef26c251d94bef825cc733d71b533127209cc01 |
| SHA512 | 9968513f47842359a11c1d27a53b8010803f5f96296ac28050589c628606f3fbe89a60ba9b099290c4c5349c976ce8675f0717c6fa1738dd8b5ff136b20e1f18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5836f9.TMP
| MD5 | be8935f2504ad9bb6d54e635e36bac5c |
| SHA1 | da7793442d42dcc10671b51686eb9e34cb39e2c9 |
| SHA256 | 9aa7144ca6b607f18b8af07cf0f78c96ad8f99a8c9720b0bb07d5d034b2fb211 |
| SHA512 | ef3abfe64cadfa65e3676a8a5f0ff8eba9582cb96ab606f4928a95797189cfc7fa6377a586859517c99e28fe2eb51ae7d22104baacc6119946f40bfe5f2939e5 |
memory/1788-620-0x0000000000400000-0x000000000043C000-memory.dmp
memory/1788-626-0x0000000073DA0000-0x0000000074550000-memory.dmp
memory/1788-627-0x0000000007AC0000-0x0000000008064000-memory.dmp
memory/1788-628-0x00000000075B0000-0x0000000007642000-memory.dmp
memory/1788-629-0x0000000007830000-0x0000000007840000-memory.dmp
memory/1788-630-0x0000000007650000-0x000000000765A000-memory.dmp
memory/1788-631-0x0000000008690000-0x0000000008CA8000-memory.dmp
memory/1788-632-0x0000000007950000-0x0000000007A5A000-memory.dmp
memory/1788-633-0x0000000007840000-0x0000000007852000-memory.dmp
memory/1788-634-0x00000000078A0000-0x00000000078DC000-memory.dmp
memory/1788-635-0x00000000078E0000-0x000000000792C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 07183ae7646c524f169c810aa5f55bd4 |
| SHA1 | 20706a5fd87a57d3cebb2d8e41b7db0b743e1e45 |
| SHA256 | a6eb6805c9d317836aa0fe8f71c5fac208621c1eab9d8ba01b4452172bdeaef9 |
| SHA512 | 3c0dda631767c38db8e310a160b3e73da03092287e02adb11a654ef11ec9b7a782ac6b5668a069c71833b289c6ab4ea71e36b50f1a709ac028760a2c9470a883 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe585270.TMP
| MD5 | 17b83dea044b5fbeae2013fff8f48921 |
| SHA1 | 12decfd4423849e567f6a649e5043c2a6e421fb9 |
| SHA256 | 62f0546ccecff45e99720a442a5d9bb68b2583f4d8715a5b9f1d84a7f3d150ac |
| SHA512 | 4e25ad6c383443d2fe92fdb5349ebfd2df0b2cec0a42c5af8bf682111158d1a4e64187e8fd58fc8dadb10c508014c02cba08396ad45c5b03599cb96bab220f97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0b474bbd4483247f43ad38af24f55a40 |
| SHA1 | c8686fda4550f9fbb9b1bd785d253b21d9cef1b4 |
| SHA256 | a1f0adb7b85e90ea881a0ee4da6b63abbb913459d971865d383d889e0780946f |
| SHA512 | a36bb6e469c63471e632efd63aad5b14ed08f6200e7b490b6f376b95b8c1b28b1c29c3fd1bcf02b353d75df5a1e3cc9169a757472f2694ead902f56bdc403787 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042
| MD5 | 740a924b01c31c08ad37fe04d22af7c5 |
| SHA1 | 34feb0face110afc3a7673e36d27eee2d4edbbff |
| SHA256 | f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0 |
| SHA512 | da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c |
memory/1560-975-0x0000000000400000-0x0000000000488000-memory.dmp
memory/1560-978-0x0000000000400000-0x0000000000488000-memory.dmp
memory/1560-979-0x0000000000400000-0x0000000000488000-memory.dmp
memory/1560-981-0x0000000000400000-0x0000000000488000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 98ed8fefb860f3ac91725cee3b3c8ec8 |
| SHA1 | 012d01fc75530b3afb6cac55d0780c78cdd5db70 |
| SHA256 | c859b3b5ce788f87d6e5da844b3b1423f96b10831e548a7f3c4bebdae05188eb |
| SHA512 | d767773b44805eb2f42158e1fd9fd03e87eed7ac27fc627338b16267f0f45ccc7a411306147b7f1b56c5e2f47f6a57889a438a2014479f7599dd16be64eaf645 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 5b214e7f0f53efefd26edf1adb174594 |
| SHA1 | c12e2bf14ffb1b78fed86ce2160460943d17b094 |
| SHA256 | e4105498170c243e03a05026d428f6c143e27b312a7a1c7ded771959a2b839ca |
| SHA512 | 714f296ebcc0294d1824e9e15c6ebc625f0224fcea8c828052f47d57341ce331762a6b55377fc3c77da97512d76e832922ef6590b370d854916b7b6f907c77e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e316c7b8181761b0c06d4d3c8ae318c |
| SHA1 | dfe1592def1979257ded0b0bff2e9ac3681d179b |
| SHA256 | 40881d2b41f55ae48470cb066bdcaec40b6a5f5bb88340f4bb3a0fc86e9b3275 |
| SHA512 | 78f259a6268387264ca2c7c9100fb8379d85593196dfadc1e5e3c36aa3b6d84b725d24fe18ef2b39ca19f810b33eeb61a418bd8e72f087b76c7c4faf9c49b14e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a154aea2-e329-470c-824e-3e517f0a3f6d\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | a5759d9c7968ae22b99af2141888ef1a |
| SHA1 | 8027f7be79df9f682fdae9ef2d839ed45f054c69 |
| SHA256 | 54a73034f6a6b58e452aac58566e11f9cfeb08e26cc30989b6473c1a522c2cc6 |
| SHA512 | 8e0d20c48155471ee70756cc659a9a5306cc2374094cbce0be34ffa0a1defeda18829008aba02e2eb56977bde71744889136996b417aaf64e64d384dcb719017 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | bebf1a0ac636a440f5019ed874a163f6 |
| SHA1 | cd9df21f36fbbd035a01493e7227ef91de261e68 |
| SHA256 | e48b05c3dc501a54ebfae178569fa6d6198ec6103b280acc9390f93fb31b3186 |
| SHA512 | 0bcfa69956fa190951e9e3a662b7fcc6133b3394c58afbabb5664eb4838ed34abd80a55027d09200fa555a7874daca84eb4ad092572768ce56386ba3d94f1df1 |
memory/1788-1149-0x0000000073DA0000-0x0000000074550000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 2b9d8b5269312ff0030bc7fd68445244 |
| SHA1 | 02e41271b2d60d4df0258fab0e64481d1849bfe4 |
| SHA256 | 531dd2119cac5974fbd005650d514194b4850038bee9058807d342932615801b |
| SHA512 | afd62321dc08ae7b79f6df7364db51cdc8c4cf591f1291ee63e9911ff9eeb1690f202b7eb47d03fe6e8d3b328e998f7a26ac9ee6897f9d269db903a1ee549dfe |
memory/1788-1271-0x0000000007830000-0x0000000007840000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\74b9b93e-1bcf-43fd-852a-441baca7434e\index-dir\the-real-index
| MD5 | 143c2d235efc7c2abf8208e513f527c2 |
| SHA1 | 406f74a3abb5ad11a7e331a6b49163ef9662887d |
| SHA256 | 1fdcaf87ab9b084f733ea9c242773bf884dfa557011fcf12f58082bfa0949d9f |
| SHA512 | 1a10c0bd8ef757a536dc4ad3818a0fefc9f5f2a5a9a22888ba91c683f4750f3f27ec878a6a17b61bd163d6a5283245444356c31e611e885dbe0619832e9f1d39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\74b9b93e-1bcf-43fd-852a-441baca7434e\index-dir\the-real-index
| MD5 | ee79ecfb9f6062e1078f498b1d55dc01 |
| SHA1 | d484cfa59d3c4f0298b9ab0c297007d7b8969414 |
| SHA256 | 32c40b65bcaa3393b275b73d4b7651493d526292cc07623f081c7489bbc10030 |
| SHA512 | e56fbc59dc839193cdcf80e03e369b3a22d37530795a85da3f734c786ced277dff98ef841fbacea678f46367d618e01b9799869a28dc04792f5cceab08633c64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 030c769d706faedc6e62a2263b0e24a7 |
| SHA1 | 9eb8e232818d6f747ee1e14ecb7f34178373d616 |
| SHA256 | 32fa90f7de44a5ff6dfe2ebdd21aac57abb841d479ea2ededaeed98a14657d99 |
| SHA512 | 4a20e63e033ac3d90476bb1b9f356b7f9b9256df79a3c37dbc1f76b0c2c78ed64cecd017096f3808e9670c2708c1066a29206ef1be7e8ae937c4146dff0e8385 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dc45501f63c7daf6af23494353506b88 |
| SHA1 | 5d0c5cfabdc6cf6eb51ada6053bf7e01750c90ca |
| SHA256 | 48176d9de7f3b372a5ebd10dfb29567ad82d2e52e83cb23830f1780a92d86bc9 |
| SHA512 | 0969b4f839ce84fd0a0cafcf8950d3a2641ef099c5b176a8e1db18da876f882e1ceeef92451a9ca08f8edb3930899800a36f0f1eb1e7ae29360f9f131f39ab50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b3a6eb0ee8956e3920c8083a13aa4ffa |
| SHA1 | 235ffa7e0b68bc814e19e79d5c10ba7023a87afd |
| SHA256 | 306d4e51d04c24f63813da2953f4a69fb1f2fb41bdeaa171556911e67b0d92d6 |
| SHA512 | 2cb0e4462a03301f204b49c604797cb3261ba1c002397c68dacab88de02d36d58b0f2e74b1be0dba6526dab61481d27a549792cc0dba0b141c0ad04d2986d0f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 07c219d789b2035dc3484cb26a8d99e8 |
| SHA1 | 11d4334b480693f25112d66fe386a8399f088303 |
| SHA256 | dbd4f0fbc5e38bd49700f97c097cbba95979dc8f95452136e25f2c7b0f9cc879 |
| SHA512 | f0fc10148aa7c407351386446f93afe8f48bf0c31be81b4b7733c8896bbbabd680d171338bd1c4d4db6a05ae24f13215562be07d207a2b0fa19a965ce1fe4120 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b8c0aea093e15b963ace283a0e19343a |
| SHA1 | 7046b9b6d05814057e21ccb9eb300ab58c9d1d6f |
| SHA256 | d52b7e362a3d3ed4d21f6d5f8837582105df020590d897267a81ad635c479313 |
| SHA512 | adb8cc711ac222a1a775835d4618f8f35c782ee27bc871d545f4f6924e0003849fd6e9445164c28faa4fdab3fda82175bd40da7099857726d17afc112970bfaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ecdc.TMP
| MD5 | 0d065a9c2efab2d6f2222a1eecc6c851 |
| SHA1 | 893d46256e4237df0395794f08679a0225192116 |
| SHA256 | ade0a3e1c0b11a061a4a740c03084269d825d152ebf7ba5a5789316dfa5af38e |
| SHA512 | 255086cd3386a4136f84faedf288f9f565cfb69174d25da295da7222039a2ec223950d17d8fa830af211a4b87cff022c2a1d37bb64ccf32e3dd619e0b5372b5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 99dab52d7140993d897279053bf3a82b |
| SHA1 | b5f0e4ee0d02f6338394e196f5d6e01dbaacf7e8 |
| SHA256 | 1f6b1f00af4405e519959b407180e384c68c00fc0b016152341304ef29abc40b |
| SHA512 | 69521d3778e3ce156c7c944c2c0a7a44eab640492f8a3483e99436f90c42899cf006dc38a5c7b2086e3a0146592e08ee3b308c9446b8ee20b263d2bbab6557ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a41bd1f-f490-41a6-948e-055e09318bf6\index-dir\the-real-index~RFe58fbb1.TMP
| MD5 | d03504fbb262ea7150595a52d2698f65 |
| SHA1 | 904079d2d0107b72ed674564d0b425280f56941a |
| SHA256 | eb43d17a73b0faccbf3d2cbc95820bd91663cb4c2efd962389b268945a41e187 |
| SHA512 | e154b2e8a8d23275fb2b3206d3645582af919eaeae5e8abc88036529dc73f9e9012a2e15c12a31410afef799c7a46b73d3f6b956412e98b8965846baeba429ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b2aca79b2726cfe36409104c4352cf38 |
| SHA1 | 6effe79587a6670b6f4a66638611861fa53de7af |
| SHA256 | d34026450f73c13834d82c74985d6b98953f7faa7a4e9a45db20d80b8bfe64cb |
| SHA512 | 630e75a0ef61e09cb359633652ab81cfaedf4d6831913ae91f03a30b0519e0d458e37b9777a9169c118123f02244254f0306f119fc3eed4354cb0b51ef65ac0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a41bd1f-f490-41a6-948e-055e09318bf6\index-dir\the-real-index
| MD5 | 947dcab6938408fc57766d7688b27dda |
| SHA1 | 2c9afcbeeb2355d458cec84fadb9e4bb40ae44ff |
| SHA256 | b6d4f9c8a2bf93a421be7d6a33bfb4a6620bbe26836af8c0a08b2c099093399e |
| SHA512 | 6624d19c28006414a541f82399f743b1f83ad51911d2bea1b1800a9bfbaf9eb247fd5809b439a97c180213b53f848c9456356c735740b9415071e3b0c93b28ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 09796f69f392651f9d505cb64b9b6486 |
| SHA1 | 7ebb55d3d8f4fa0e6236b27322dbc4a343d35678 |
| SHA256 | 745012efa5227dafc283679fa69d4b34c1b9f77908ba4e69f5d8fd15f34d2b1a |
| SHA512 | b1efe46782b9dbade54148d6de3726328a9ad915585b3cce3d8b5d61dde65c4000208519568e37da15cde565d587d44060394b284172985294de0ea51c4f50df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\4793ac47-911a-4015-8f80-3c4631a74c66\index-dir\the-real-index
| MD5 | 778ad7ec697fded2b8bc5e1fc3a487cd |
| SHA1 | 4202caa09c7397c20f05b7f7d818d6e5a4f78ce0 |
| SHA256 | ed5fafc2f635ea49555f5eaedfb2d635606077402c9bc56d9b01a30315190137 |
| SHA512 | 1ea026659545e389fbd7fcbd8411d3f60150577b9dc49c2ea03dace36f456a4447ba9d8fe3a47e286fb0a4cfa2651a04a1bc67a91b056ccab5a8fb16c784f5f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 91fbc772f4eac8b54ce93f75744c5780 |
| SHA1 | 1fe381cae85a27aa0defc10084b4503a0131578f |
| SHA256 | c472e8b7bcdd22272a0a085741ad13f3dc7084a35d1c6692c7b08aa6a2c0f073 |
| SHA512 | fce877bdb7d6d533f76c8c17d8eb775bc3a0637e403328681ad9a438752d79f2b3bca2c5a162d78522671a92656fbc98f8a302e511b9865af5d413c433231cdb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1debbf97abc0431763c5434ec77f2b1f |
| SHA1 | 7e8967501ea5a23e710629b0a268ace35edbb7e1 |
| SHA256 | 31d0c5721c8b65f8acd8bf8ecaf91b6a514dcf190fa59d5bd1d02ca143c23030 |
| SHA512 | b3d72c0d378115c8820bded28055943787f5356f710bd4d93d438444039e01b0ccf13374d78b05828a3ee468b66a19abfcda582349d401ede7598490f0efd0a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 29dfc62172484eb9a6dab9191e04ec35 |
| SHA1 | 90de7adc1f2b87c518011cfbe443165e97197057 |
| SHA256 | 3464474f8085b663f150c3e2fb5f9c6b6ffddbd8e8fff8df3cfd674558c32b61 |
| SHA512 | 55faff1c76af7d8389e3de9050f04a373725dba5dd8b4094b4fb40af069edc44f46eb34bd66af176d0f85ec49f173602c9b93a8d2cced405b131a47e89d39b34 |